Release Notes: Here's What's New in Your Ontic Platform (v17.0)
Release Date: December 10th, 2022
TABLE OF CONTENTS
- New Features
- Enhancements
- Principals
- Entity
- Incidents
- Core Platform
- Unification of manage workspace/visibility across all assets
- Minimum radius parity across platform
- Support of new file formats
- Business object export support for all the asset types
- Unify header across entity, investigation, principal
- Create business object using standard business objects
- Perform a TLO Business Comprehensive Search
- Change sort order of threat level
- Homepage Spotlight: Option to customize widgets
- Updates to the Homepage ‘What’s Happening’ Section
- Feeds
- Real Time Threat Detection
- Reveal proximity to Principal when hovering over signal card
- Configure map zoom defaults for international users
- Notify for Wildfire + Workflows for Weather Layers
- Geofence lists
- Apply Geofence or Geofence list as a filter when creating a custom Geo Risk dashboard.
- Hurricane Layer
- Transient Principal Filters
- Transient Principal, User and Entity Layers
- Scale Tool available while building geo fences
- Metrics
- Assessments
- Email Alerts
- Additional Enhancements
New Features
Field Workflow
Configure field workflows for Investigations or incidents, and permission control statuses
What it is: Ability to configure an investigation and incident status workflow to control the transition of investigations or incidents from one status to another during their lifecycle – typically representing a process within an organization.
While configuring the workflow, users can set the transition properties to define how the transition operates. These include conditions and post functions (actions):
Conditions specify prerequisites that must exist before a transition can be used. They can control either who performs a transition or under what circumstances the transition is available. Failure to meet a condition will hide the transition from the user.
Post functions (actions) allow you to define additional processes that must be performed during a transition. For instance, if a transition starts a process, you can use post functions to require additional steps to be performed at the same time, such as creating related tasks, updating the investigation, and sending an alert.
Why it matters:
Currently, any user can move an investigation or incident from one status to any other status – there is no control on that transition.
Administrators must go to the rules section to set up alerts and task creation.
Administrators cannot currently set up permissions for who can change certain statuses of an investigation or incident.
How it Works: Go to Administration -> Field workflow. Click on “Add Workflow”. Enter details.
* Note: Workflow can be created for the asset and asset category. *
Click “Continue” to open the Workflow diagram and view all statuses defined for an investigation or incident.
Click on “Table” to see the table view of the transitions:
Click on “Draft” to view the current status details:
Deselecting “Allow any current status to transition to this” will allow the user to transition to this status from any available status.
Click on “Add New” under transitions:
Select the status to apply a transition. Click on “Continue to Configuration”:
Conditions can be set for an asset (i.e. investigation or incident) as well as for the user. Select from the dropdown:
Add conditions:
The conditions defined above will allow the transition only if the user has a role (Test Role) and the investigation risk level is high. If these conditions are not met, users cannot see the status “New” to make the transition.
Click on the “Actions” tab:
The user can set any post functions here:
An alert can be sent to any user defined in the user list or to a user whose name is selected while starting an investigation or incident – i.e., the Lead investigator or team lead.
Click on “Save”
When transitions for all statuses are defined, the workflow is configured.
Activate the workflow. Only one workflow per category can be enabled.
Once configured, when a user clicks on the status, only the statuses to which the user is allowed to transition, based on the conditions defined, are visible:
Asset Type Fields
Define linked asset types (principal, entity, or investigation)
What it is: Ability to create cross-asset (Entity, Investigation, Principal) linked fields. These fields will support cross-asset computed values, but are not exposed as visual connections.
Why it Matters:
Current cross-asset connections are visual representations of the possible risk landscape across asset types.
This asset field type provides an alternative to link without displaying these links.
This supplemental linkage of assets also provides ability for linkage of computational data fields across the asset types.
Possible use cases for this non-visual computational linkage can include calculations of the time and/or costs of work performed on related entities or investigations.
How it works: Go to Fields -> Add field -> Select Input Type as dropdown/Multiple choice dropdown. Then select the value type as Entity, Principal, or Investigation.
Asset type table widget support in layout
What it is: Added support for the Asset Type table widget for Entity, Investigation, Principal & Incident through the Linked Assets Section/Widget. It can be added by adding a section of type Linked Asset.
Why it matters: When two assets are linked together and details of one asset need to be shown on another asset in tabular format, this capability enables the user to view details of the linked asset.
How it works: Go to the Investigation Layout -> Click on “Add Section” -> Select Investigation linked Asset -> Select fields
Select the columns that need to be displayed in the table under column configuration.
In the image above, Incident-2836 is linked to the investigation CASE-1625 through a referencing field “Linked to Investigation”. Incident 2836 details will be visible on investigation CASE-1625 (see image below).
Computed Fields Using Cross Assets Fields
Define a field whose value is computed from the value of other fields
This feature is Property Controlled - If you are interested in learning more, please contact your success manager.
What it is: Ability to surface a specific value or a sum of values that are connected to one another either through connection or a Linked Asset Field.
Why it matters: Provides users greater flexibility and ease in viewing data that is related to the asset due to its association with one another.
Use Cases:
Associated Time/Costs of an Entity/Incident/Investigation and the impact on a Principal.
I.e., 40 incidents of theft occurred at a principal location.
Users create a field or metric to view that 40 incidents impacted the Principal.
Those 40 Incidents have a cumulative cost of $67,000 for the specific location.
Associated Time/Costs of Entity/Incident/Principal and the impact on an Investigation.
I.e., 3 entities are tied to an investigation and each entity has a specific and separate cost for the proper evaluation.
Those computed values are maintained within the 3 entities individually, but the sum of the 3 can be computed and surfaced in the Investigation.
Business Filters
Create business filters at dashboard level for all asset types
What it is: Business filters give users the ability to create customized and advanced filters based upon their needs. They will be available across dashboards, feeds, and metrics.
Filters can be configured to be displayed upfront so that an analyst has access to the most important options. These are called primary filters.
Removing a filter from the 'Upfront' section will move that filter to the 'More' section (ie, filters that are used less frequently.)
Filters are now searchable.
Advanced business filters are logical groupings of field values, built with OR, AND & NOT operators (boolean).
Sample Use Case: Create a custom filter (ie, Threat Level is High & BOLO is Yes)
Sample Use Case: Build metrics widgets that isolate individually tagged items.
** Important Note: Entity business filter will be visible in Entity Metrics dashboard/widget. Hence, they can be used to filter the dashboard/widget. Similarly, Incident business filters can be applied on Incident metrics dashboard/widget. Same is the case for filtering Investigation dashboard/widget. **
Why it matters: Business Filters allow users to narrow down to a desired entity, principal, investigation or incident quickly. These filters will be available to all users across the platform and will give way to further tailoring to each client’s needs.
How it works: Go to Admin → Filter Layout
Choose the asset type you’d like to create a custom filter layout for. Click ‘Create New Template’ to select which filters you want to show up front (primary filters) and which you would like to display under ‘More Filters’:
To create an advanced filter, click on ‘Create Advanced Filter’. In this example, the advanced filter will narrow in on only the entities where the threat is high, but the RFI is not ‘Ideology’.
Click ‘Update’. You can now apply this Business Filter in entity dashboards, feeds, or metrics.
** Note: An advanced filter, once created, needs to be mapped onto a user role. Go to a role -> Filter layout -> select the advanced filter. **
In entity dashboards, click on the filter icon. You will see your configured filter layout in the drop down:
Similarly, in metrics, you will see your chosen filter layout:
Search for your filters in the search bar, and to access all of your filters, click “More Filters”:
SLA (“Service Level Agreement”) time tracking
Track time spent within an investigation
What it is: SLAs are used to track and manage the amount of time taken to move an investigation from open to close, or from one status/stage to another.
** Currently only available for investigations. **
Why it matters: SLA tracking provides visibility into how effectively and efficiently we are resolving issues, and if employees are meeting their obligations.
How it works: The time zone from the user’s browser will be considered, along with the holidays calendar, for SLA calculation. To calculate the average time spent in an investigation, there should be a start and an end time. Investigations are also marked Compliant/Non-compliant, for which only the start date is taken. Users will be able to see how many investigations are meeting their SLA.
First, users need permissions to access business hours, as they are permission controlled at the workspace level.
Next, go to Admin -> Business hours to set up the business hours used for SLA calculation. Business hours are permission controlled and at the workspace level.
Next, you need to define your SLAs within each status. Go to Fields -> Status
SLA can be defined for an individual status or for a group of statuses.
Click on “Add Stage” -> Select the status which needs to be included under stage and define SLA.
** SLA will not be calculated for historical investigations **
Go to metrics -> Standard Investigation Dashboard. Standard SLA widgets will be at the bottom of the dashboard, titled ‘Time To Close’ and ‘Time to Close Per Lead Investigator’:
When stages are added for SLA tracking, the corresponding dimension gets exposed in metrics:
Individual stage compliance - [ Stage Name + Stage Compliance - Status ].
Dimensions for all stages will be exposed in metrics under X-axis.
Time Spent in individual status in stage - [Status + Status Name + Latest time]
Dimensions for all status will be exposed in metrics under X-axis.
Last time an investigation was in that status - [ Time Spent in + Status Name + Status ]
Dimensions for all status will be exposed in metrics under “Value”
Time Spent in individual status in stage - [ Time Spent in + Stage Name + Stage - Status ]
Dimensions for all status will be exposed in metrics under “Value”.
Time to Close Investigation - Dimension will be exposed under “Value”
To create a compliance widget (aka ‘Completion Status’), go to metrics and create a new Basic widget. Choose ‘Completion Status’ chart type, choose chart for investigation, and for field choose ‘WorkPlan in progress stage compliance - status’:
To create a widget that calculates the time spent in a specific status, create a vertical bar chart. Depending on how you want to display the data, choose your x-axis – in this example we are calculating the average SLA by lead investigator.
Next, under ‘What do you want to measure’, within the ‘Value’ field, search for “Time Spent in ____ Status”, then choose how you want to run the calculation (i.e., average) and how you want to format the data (days, hours, etc.).
Enhancements
Principals
Search Principals & Sub-Principals from Universal Search
What it is: Principals and Sub-Principals are now accessible via the Global Search. A new tab has been added into the search results (Principals) where any relevant results will be displayed. In the case of Sub-Principals, the relationship to its parent object will be displayed.
Advanced Search options include:
Name (Partial or exact)
Description
Address
Why it matters: It is important for users to be able to quickly search and access Principals/Sub-Principals from the Global Search tool. Previously, users were required to search for Principals via the Principals Dashboard, or through associated objects.
Navigate to the referenced information in a Principal
What it is: The ability to navigate to the information that is referenced in the Principal Header of associated information (Entities, Signals, Investigations, Incidents).
Why it matters: For security teams with a Principal first approach, where ease of navigation is important through the view of the Principal, this improves usability by giving quick access to relevant, linked information.
Clicking one of the highlighted options will bring you to the associated tab.
Add credit card and driving license section in Principal’s information section
What it is: Adds additional fields to the Information view on Principals (Driving License, Credit Card).
Why it matters: Adds additional personally identifying information so a Principal can be recognized through other signals and feed sources.
**Note: For privacy, credit card details are not visible (see example below).**
How it works: Open a Principal -> Information Section -> Add Credit card/Driving license details.
Update principal via unique identifier
What it is: The ability to update Principal information using a unique identifier which can be uploaded using an external file.
Why it matters: Enables updates of existing Principals for updates/mass uploads. For example, external systems may generate periodic reports which are uploaded in Ontic to refresh data and update details. Previously, details could not be added on existing Principals via this functionality.
How it works: Administration → Imports → Principal. Click on “Import Principals”. Upload the details along with the unique identifier in the file format provided in the import window. Details will be appended to the principal whose identifier was mentioned in the import file.
Principal card configuration
What it is: Ability to customize the content displayed in the principal card. If a field has expanded details, a pop-out window with those details is displayed.
Why it matters: Provides visibility of important details associated with the principal.
How it works: Administration → Layouts → choose the applicable Principal layout. Click on Card Layout. The card has three sections: Overview, Details and Footer. Within details, users can add up to 4 rows of principal fields. Business object fields can also be selected.
Entity
Entity dashboard enhancements
What it is: Numerous updates to entity list dashboard capabilities and views:
Ability to configure the columns in the entity list dashboard
The Security directive field can be moved out of the entity list dashboard view
Export filtered entities from dashboard view
Exported files will include a link to the associated investigations
Why it matters: Provides greater flexibility in organizing the entity list dashboard with the data that is most impactful to the user.
How it works: Go to Entity dashboard -> Select list view -> click on the Entity’s table column selector icon on the top right. Toggle the custom fields and security directive field on and off based upon your needs.
To export entities:
This feature is controlled by a permission. Users with the ‘Download Report’ permission within the Entity category will be able to export these reports.
Go to “Entity Dashboard”. Click on three dots -> Export Dashboard.
Choose PDF or Excel to determine the file format for your export. Ontic will alert you when the report is ready for download.
Embed task widget in entity details layout
What it is: Ability to embed task widget in entity details layout
Why it’s important: Users can add multiple task widgets, each with different configurations in entity layouts. It will provide more flexibility for the user while adding task widgets.
How it works: Go to Entity layout -> Add section. Add task and configure it. Users can add another task widget with different configuration.
Incidents
Nomenclature change from Observations to Incidents
What it is: We are adopting the standard nomenclature of ‘Incidents’, and we will sunset ‘Observations’ on the platform. For clients who have custom ‘labels’, those will not change.
Why it’s important: Historically, Ontic provided users with the ability to create ‘observations’ in the field. As Ontic’s capabilities have expanded, these instances are better aligned to the industry standards of ‘Incidents’ and ‘Incident Management’.
Where you’ll see the changes:
“ADD” Menu
Homepage
Nav bar
Administrative areas
Incident Dashboards
Metrics Dashboards
Support of inline editing in incidents
What it is: Ability to edit in incident detail form, incident workflow, and incident feed.
Why it matters:
Currently, users have to click on the edit button to open an incident form, where the fields can be edited.
To edit the workflow fields in a form the user had to click on the edit button.
Currently, it takes a large number of clicks to edit these fields.
How it works: Open Incident -> Go to Workflow section -> Hover on any field that needs to be edited -> The edit button will be visible.
Go to the incident feed -> Open incident -> Hover on any field which needs to be updated -> Edit button will be visible.
Core Platform
Unification of manage workspace/visibility across all assets
What it is: It unifies the “Manage Visibility” capability in the platform across all assets. User visibility restriction permission can also be controlled at the role level.
Why it matters:
Currently, across all assets, both workspace visibility and user visibility are not available. For example, in incidents only workspace visibility is available.
Users cannot manage user visibility for incidents.
How it works: Go to any asset (ie, Principal) -> Click on “Workspace and Visibility” -> Set the user/workspace visibility.
Only those roles who have the permission to set user visibility restrictions will be able to set user visibility.
Minimum radius parity across platform
What it is: Ability to have radius functionality consistent across the platform.
Why it matters:
Users are not looking at data under the same standardized lens and it is frustrating and challenging to know what information to trust.
Currently, the smallest radius allowed in Geo Risks and Rules is 0.5 miles whereas it is 10 miles from the entity dashboard and in Feeds.
How it works: Create a “Real time Event” feed -> Click on “Geo fencing” on the left-hand-side -> Select location.
The slider can be adjusted to 0.5 Miles. This is applicable to all dashboards (Entity, Topic, Principal) where location coordinates are used.
Support of new file formats
What it is: We now support these additional file formats:
"htm"
"msf"
"wmf"
"mpg"
"xlsm"
"jpeg"
"wma"
* Note: For HTML files, a separate property HTML_FILE_UPLOAD_ENABLED needs to be enabled *
Why it matters: Currently, many file formats have not been supported - preventing some users from uploading their files to Ontic.
How it works: Go to Entity -> Files -> Click on Add file.
In the platform, files can be added as attachments from many places – i.e., Notes, team chat, Files, etc.
Business object export support for all the asset types
What it is: Ability to export business object fields for all asset types.
Why it matters: Currently, business object field values do not get exported. This leads to an incomplete data export which prevents users from doing complete analysis of asset data.
How it works: Open any asset (Entity, Principal, Investigation, Incident) -> Click on three dots -> Export Dashboard.
Exported files will have values under business object fields.
Unify header across entity, investigation, principal
What it is: Unification of the header of all assets, i.e., investigation, principal & entity.
Why it matters: Currently in the entity, a user can see relevant information upfront and can drill through those numbers to see details, but this is not consistent across other assets.
How it works: Expands the capability across the platform so users can view relevant information upfront in the header of all assets.
Create business object using standard business objects
What it is: The ability to create single or multiple business objects by adding in one or more of the standard business objects (standard objects currently include name, SSN, phone, email, address, coordinates, social profile).
Why it matters: Provides greater flexibility to add necessary information to assets.
Use Cases:
Principals: Contact information for those responsible employees / contractors affiliated with the person, location, event, travel, etc… (these fields can also be added to principal cards and exposed on Real Time Threat Detection Maps)
Incidents: External contractors or non-users that would need to be referenced.
How it works: Navigate to Layouts and add a field in an existing or new section. Select create field and choose a single or multiple business object. Select create new business object. Select a single business object and choose from one of the existing standard business objects to create a robust set of fields.
Example of a new business object created by grouping the standard business objects of Name, Phone, and Email.
Perform a TLO Business Comprehensive Search
What it is: Ability to capture all of the relevant information available in TLO tied to a specific business in one search.
Why it matters: Quicker and consolidated access to all of the extensive information that is connected to a business within TLO.
Provides extensive information which includes civil record details, affiliations, corporate relation, etc.
Improves access to actionable information delivered in simple to understand search results and reports.
Parity with existing comprehensive search on individuals.
How it works: Go to TLO Search -> Business Search -> Enter the details and click on “Search”.
Search results will be listed. Click on “View Detail” of any search result.
Click on “Comprehensive search”:
Export the search report by clicking on “Export”
Change sort order of threat level
What it is: Move threat level positions with the current up/down sort ordering available in other standard fields such as RFI.
Why it matters: When a new taxonomy of threat level is used, currently users have to update the names of the threat level, then change any necessary entities.
How it works: Go to Administration -> Fields -> Entity -> Standard Field. Edit Field Threat Level. After clicking on ‘Sort’, users can change the order to ascending, descending, or a customized sort.
Homepage Spotlight: Option to customize widgets
What it is:
Customize your spotlight by configuring which metric widgets to show at the top of your homepage when you log in.
Metrics will be focused on the last 48 hours.
You can see standard widgets out of the box, hide the default widgets, and add your own.
Why it matters:
Users have varying priorities and want to customize what they see upon logging into Ontic - ie, tracking specific metrics daily.
These upgrades will save time and get users the information they need fast.
How it works: On the homepage, you will see the new spotlight section:
Click the three dots from the Spotlight section to add the widgets:
From here you can reorder the widgets, hide them, and add more. Click on the Plus sign to add more widgets. Choose the metrics dashboard you’d like to add a widget from, then click the checkboxes for the specific widgets you’d like to see.
You can also update your homepage layout and spotlight widgets from the administration area.
9 dot menu -> Administration -> Layouts -> Home Layouts -> Create New Template button -> Click on the Setting icon -> Choose Configure
Next, Apply Custom Home Layouts:
9 dot menu -> Roles -> Edit the role you want to update. Update the ‘Home Layout’ with the new customized layout you created.
Updates to the Homepage ‘What’s Happening’ Section
This feature will be enabled for all clients. Let your success manager know if you prefer the prior version.
What it is: Updates to the ‘What’s happening’ section on the homepage:
Tab layout is now horizontal for a more intuitive user experience.
Additional options added for easy access to recently changed entities, investigations, and other assets.
Further customize by hiding asset views that are not of interest to you (accessed through the three-dot menu on the top right).
Why it matters: The former layout was limited to showing active entities, OSINT feeds and notifications. The upgraded experience will surface more important details to individual users, faster.
What it looks like (compared to the former experience):
Click on the three dots menu, where you can reorder the widgets and hide the ones that are not of interest to you.
Feeds
Select Principal/Sub-Principal within Geofenced Filters
What it is: Select Principal & Sub Principals in feeds (in Real Time Events, Weather and Factal feeds). This is available within the ‘Principal Geofence’ option.
Why it matters: As some clients are adopting a ‘Principal-first’ approach to security, this feature gives the ability to filter on Principals/Sub-Principals within Feeds, with customized queries to eliminate noise and display only relevant information pertaining to Principals. This can be configured for a range of People, Locations, Events, and customized for each individual use-case.
Principal Geofenced Queries
What it is: Gives users the ability to create a feed based on a Principal Geotagged Fence (Inner, Intermediate, Outer) to monitor any signals that occur within the specified area of the principal. The conditions set on any of the filters will reduce the noise coming into the feed.
Why it matters: This builds on Ontic’s usability for a Principal-first approach, giving Feeds the ability to capture Geo-tagged information that is relevant to the Principal(s), apply filters to eliminate noise, and display the results in a dashboard. It complements the previous feature offering (Selecting Principals/Sub-Principals within Feeds).
How it works:
Feeds → Configure Dashboard:
Real Time Threat Detection
Real Time Threat Detection (RTTD) with “Geo Risks” is a premium feature. To learn more about RTTD and Geo Risks, please contact your account manager.
Reveal proximity to Principal when hovering over signal card
What it is: In the Geo Risk dashboard when you hover over a signal, you will see proximity to principal details if the signal is within any Principal’s standard geofences.
Why it matters: Previously users had to click on signals to better understand which Principals might be impacted by the signal. Now users can quickly and easily better understand the potential impact to Principals.
How it works: Use your mouse to scroll over a signal on the map and if the signal is near a principal you will see proximity details.
Configure map zoom defaults for international users
What it is: The ability to set the map default zoom to a country or region other than the USA without having to create a custom Geo Risk dashboard.
Why it matters: To make sure users can focus on areas that matter most to them regardless of where they operate.
How it works: The map default zoom can be set at the workspace level by reaching out to your client experience team who will set this on the backend. If specific users within a workspace want to configure their own default zooms this can be done when creating a custom Geo Risk dashboard within Configure Dashboard Preferences.
Notify for Wildfire + Workflows for Weather Layers
What it is: The ability to generate a Notify Report from the data within the wildfire layer. The addition of Workflow options for the additional weather layers such as Storm Potential and Severe Weather Warnings.
Why it matters: You can now easily generate a Notify report to share information with other users and colleagues who may not use Ontic. With the workflow options you can now convert weather information to an incident or investigation, assign to a colleague, change the priority and more to help your team better act and have more context on situations that may impact your business.
How it works: Click on any of the data within a weather layer and the 3 dot menu will appear. From the dropdown you can select the right option.
Geofence lists
What it is: The ability to group multiple Geofences within a list for organization and actionability.
Now if you have several geofences created there is less space taken up in the screen due to better organization.
You have the ability to toggle on/off multiple geofences within a list by turning on/off the list.
Rules – Now you can build a rule that includes a geofence list within a condition rather than having to individually select multiple geofences.
For example, if you have multiple custom geofences for New York you can create a rule that says if any signal is within any geofence on my New York list then send an alert.
Why it matters:
When several geofences are created, a lot of unnecessary space is taken up
Users cannot currently toggle on/off multiple geofences within a list
Users cannot currently build rules that include geofence lists.
How it works:
Geofences live within Map Filters
From the Geo Risk dashboard create a new Geofence within an existing list or you can create a new list.
Geofence lists can also be created from Administration > Configuration > Lists > Geofence tab.
Once a list is created a user can select a geofence from the list or select the entire list in the Geo Risk dashboard
Lists can be added to rules from the Rule section.
Note: All previously created geofences will exist under a default list which can be edited.
Apply Geofence or Geofence list as a filter when creating a custom Geo Risk dashboard.
What it is: The ability to apply a Geofence or Geofence list to a Geo Risk dashboard as a filter when creating a custom dashboard.
Why it matters: This provides a way for users to have a custom dashboard that will only display data within the selected geofences. Custom dashboards can be shared with team members to create custom, uneditable views.
How it works: When creating a new Geo Risk dashboard click Configure Dashboard Preferences and select from the Geofence list dropdown.
Hurricane Layer
What it is: The ability to track the paths of Hurricanes on the map.
Why it matters: Now you can better understand the potential impact of a hurricane on certain locations and principals.
How it works: From Data Layers > Weather > Hurricane Layer you can toggle on or off the Hurricane Layer.
Transient Principal Filters
What it is: The ability to easily select principals to temporarily dictate the data that displays on the map for the duration of your session in the Geo Risk dashboard. You’ll have the ability to select from a number of Principal options such as Principal type, sub type, custom fields, and more.
Why it matters: You can now easily change what displays on the map to obtain situational awareness of various principals at the same time. For example, you can choose to see only signals near your warehouses or executives. Previously this could only be done at the custom dashboard level and was an always-on filter. Now these filters can easily be toggled on or off and changed as needed per the workflows of the person accessing the dashboard.
How it works: From the left pane of the Geo Risk dashboard you can select the filters from the field options listed, which will change what is displayed on the map.
Transient Principal, User and Entity Layers
What it is: The ability to choose which Principals, Users, and Entity icons display on the map to be able to visualize signals in relation to key assets.
Why it matters: It gives users the flexibility to hide users, entities and principals from a map view. All users of the current workspace who have an address associated with their user details will be visible to a logged-in user. All entities created within the selected time filter will be visible on a map if the user layer is enabled.
How it works:
Scale Tool available while building geo fences
What it is: When creating a new geofence a scale will be visible.
Why it matters: This will help you better understand the distances of your polygon geofences during configuration.
How it works: When creating a polygon geofence from the Principal or Geo Risk dashboard the scale will appear in the bottom left corner.
Metrics
UX updates to widget builder
What it is: We have upgraded our widget builder to be more intuitive for chart creation.
Why is it important: A more intuitive experience leads to time saved.
How does it work: We are now breaking down chart creation into two types of metrics:
Basic widgets - Includes different chart types
Overlay widgets - New widgets that can compare or see the trend of multiple Ontic assets.
Building “Basic” widgets - Chart creation has three steps:
Basic Details
Fields and Measures
Chart preferences.
Step 1: Basic Details
Name the widget and choose the chart type.
Step 2: Field and Measures
Based on the selected chart type, the necessary fields will be displayed. For example, when “Pie chart” is selected, the “Quadrant” field will be displayed, whereas when “Grid” is selected, the rows and columns fields will be displayed.
Measures – Only numeric fields will be visible in the “Value” fields under measures and aggregation (sum/average/count/minimum/maximum) can be calculated on these values.
Example: Pie chart, with number of investigations broken down by risk level:
Example: Pie chart with the aggregation of investigations cost across each risk level:
Step 3 - Chart Preferences
Optionally:
Add filters and a custom time range (which will override dashboard-level filters.)
Add a Threshold. This will create a dashed horizontal line, based upon the options chosen. Average, minimum, maximum, and median thresholds can be added, along with a custom number.
Chart Preferences for Table - Enable user to sum up the column values of a table (or apply other mathematical formulas).
Chart Preferences for Grid - Enable users to sum up the row and column values of a grid chart.
Resize and rearrange widgets in a dashboard
What it is: Resize and rearrange widgets in a metrics dashboard
Why is it important: Currently, users cannot resize widgets and move them around the dashboard with ease. This feature will save users time.
How does it work: Open metrics dashboard. Click on three dots -> Rearrange widgets.
Drag and drop widget from one place to another.
Resize the width of the widget by pulling on widget edges. Click on Save.
New “Overlay” widgets - Funnel, Multi Level/Asset & Sunburst
What it is: Users can now create additional widget types:
Funnel chart
Multi Level Column chart
Multi Level Trend chart
Sunburst chart
Multi Asset table chart
Why is it important: Additional widget types will help users better tell the story with data. Some of the new widgets also give users the ability to bring multiple Ontic assets into one widget. For example, a multi asset table chart can have both investigation data and signal data within one widget.
How it works:
Funnel Chart
Helps to visualize a linear process that has sequential, connected stages.
Example - Total number of POI in system -> number of POI marked on BOLO lookout -> No. of POI that have high risk level.
Steps to create a funnel chart:
Step 1: Chart for - Signal, Value - Signal Count, Aggregator - count
Step 2: [Action Taken] Add Relevancy filter and select its values - Workflow updated, signal accepted, signal rejected.
Step 3: [Exclude Read and Rejected]. Put condition Relevancy IS NOT ANY OF signal Rejected, Signal Marked as Read.
Multi Level Column
Helps in running a comparison of one asset field to the same – or other asset – through column visualization.
For example: number of investigations assigned to Lead Investigator and number of investigations in respective statuses.
It helps in presenting a large amount of information in a small space. Instead of having one bar at each division on the horizontal axis, there are two or more bars.
Multi Level Trend
Helps in plotting trends of different assets in one widget. Users are able to select viewing trends for 1 month, 6 months, 1 year, etc. within the widget.
Sunburst Chart
Helps to visualize hierarchical data spanning outwards radially from root to leaves. Users can add multiple layers in the chart.
Multi Asset table chart
Independent data of different assets can be visualized in one single chart. Each step name can be edited. Users can rename the field label while creating a widget.
Delta column tells the change as compared to the previous time period.
Example: If the time filter in step 1 (POI) is 7 days, then the delta will show how much the number of POI increased compared to the previous 7 days.
Multi Asset Table Trend
Choose ‘Yes’ within ‘Show Trends’ and you will see a trend over the selected time period. This will show the change in data of the last time period and second to last time period in the table.
Choose the category for ‘Dark Web’ within metrics
What it is: The ability to choose the category for ‘Dark Web’ within metrics.
Why it matters: Currently the only top level filter is “OSINT topic”. This creates confusion as both dark web and OSINT topics will have the same header. Users need the ability to report effectively in regards to the Dark Web. Their goal to show the number of dark web topics and the signals that came in can now be achieved.
Display large numbers with commas instead of spaces
What it is: For large numbers in metrics, the syntax has been updated so that numbers larger than 999 use commas instead of spaces, i.e., "1,000" instead of "1 000".
Why it matters: It is more common for long numbers to have commas instead of spaces. This will make numbers you see in metrics more visually appealing to users.
Scroll the legend within a chart
What it is: Ability to scroll the legends when the list is large.
Why it matters: Currently, legends take up a large space. This update will save space in a widget, and provide more space for the chart.
Assessments
Create and assign tasks from SIGMA assessment
What it is:
Add subtype to a task
Hide or show all fields of task using column support
Generate tasks using options of a question
Inline editing of task fields from task table
Why it matters: Users using SIGMA assessments can easily create tasks based on selected options while gathering information from multiple sources. It is easy to assign tasks through inline editing and saves time.
How it works: Click on the 3 dots menu for the question where you want to add a task and click on “Allow Task Capture”.
After clicking on Allow Task Capture, you can hide the columns that are not relevant.
While executing the assessment, click on Add task and select “Add task” from Answer Response:
In-line editing is now available:
Email Alerts
Upgrades to email alert subject lines
What it is: Users now know the importance of Ontic alerts by just reading the subject line
Why it matters: Ontic users can receive a multitude of system generated alerts based on rules. Therefore, it is important to give users the ability to differentiate each signal by reading the minimum text possible.
The new subject lines of these alerts do exactly that. They help users save time, as they do not need to open and read every detail in the mail.
** NOTE: Email alert subject line and body content are being updated only for alerts received when a user sends a notification using the “Notify” feature from RTTD and not through rules. **