IBM. IBM i2 Enterprise Insight Analysis User Guide. Version 2 Release 1


Note: Before using this information and the product it supports, read the information in Notices.

This edition applies to version 2, release 1, modification 3 of IBM i2 Enterprise Insight Analysis (product number 5725-G23) and to all subsequent releases and modifications until otherwise indicated in new editions.

Copyright IBM Corporation 2014, 2016. US Government Users Restricted Rights: Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Chapter 1. Welcome to Enterprise Insight Analysis
Chapter 2. Enterprise Insight Analysis Onyx Information Store workflow
    Defining the area for a geographical search
    Configuring queries
    Saving queries
    Refining search results
    Browsing search results and adding them to a chart
    Enterprise Insight Analysis analytics
        Finding items connected to entities
        Finding paths between two entities
    Storing results in the Analysis Repository
Notices
    Trademarks

Chapter 1. Welcome to Enterprise Insight Analysis

In an Enterprise Insight Analysis deployment, the data to be analyzed, such as communications data, financial transactions, or network events, is stored in the Information Store. In addition to this main data store, you can also include an Analysis Repository to store the results of your investigation, and access data stored in external data stores.

Depending on your needs, there are multiple deployment patterns that you can use, and the features that are available differ. However, regardless of the pattern that you select, the predicted workflow is as follows: You design your query, search the applicable data store, and then apply filters to refine the results. If your organization uses Esri ArcGIS to host geographic information system (GIS) resources, you can set geospatial constraints with IBM i2 Analyst's Notebook Connector for Esri before you search the data store. After you reduce your results set to a manageable size, you can add items to a chart for further analysis. Enterprise Insight Analysis includes analytics that you can use to look for patterns and relationships in the data.

Enterprise Insight Analysis also offers an automated identity resolution and recommendation engine that monitors data from its data repository to detect related entities, resolve non-obvious relationships, and provide name analysis. The recommendation engine includes a plug-in that integrates with IBM i2 Analyst's Notebook Premium to help you to research entities and to provide alerts when specific relationships are detected within the operational data.

Enterprise Insight Analysis also provides access to a core subset of capabilities that are delivered through a lightweight browser-based application. These capabilities can help users from outside the traditional intelligence unit work alongside the analysts and support information collection.

In addition, i2 Enterprise Insight Analysis can also present summaries of pertinent information through key performance indicators for operational insight and situational awareness.

Extra capabilities for extending i2 Enterprise Intelligence Analysis are available as optional add-ons:

IBM i2 Enterprise Insight Analysis Recommendation Engine Add On
    Delivers automated identity resolution and a recommendation engine that helps analysts and investigators to quickly determine when multiple identities are the same. In addition, connections that are not obvious are highlighted, allowing the analyst to make connections that are otherwise hidden in the noise. Proactive alerts call out when new information is available and when data points alter, strengthen, or resolve.

IBM i2 Enterprise Insight Analysis Collaborate Add On
    Designed for other key stakeholders in the organization, including researchers, investigators, front-line personnel, and decision makers. The Collaborate add-on extends and uses the valuable intelligence that is created by the analysts. It provides access to a core subset of capabilities that are delivered through a lightweight browser-based application. These capabilities can help users from outside the traditional intelligence unit work alongside the analysts and perform supportive roles, including information collection.

IBM i2 Enterprise Insight Analysis Operational Awareness Add On
    Adds dashboard and key performance indicator capabilities to help provide the operational leader with a clearer picture of the event with near real-time situational awareness.

Chapter 2. Enterprise Insight Analysis Onyx Information Store workflow

Using IBM i2 Enterprise Insight Analysis, you can search large data sets, potentially consisting of hundreds of terabytes of data and trillions of records. To extract useful information from so much data, you need an approach that quickly identifies items of interest.

Figure 1 shows an example workflow that you might use with Enterprise Insight Analysis. In this approach, you define initial search conditions and successively filter, refine, and analyze the results to uncover the information you require.

Figure 1. A typical Enterprise Insight Analysis workflow.

Searching the Information Store

You can search for entities and links in the Information Store by their property values or by their relationships to other items. For some types of entities and links, you can limit your search to a defined geographical location. If you want to apply a geospatial constraint, you must define the search area before you configure any other conditions.

You start a geospatial search by specifying the search area on a map in IBM i2 Analyst's Notebook Connector for Esri. Enterprise Insight Analysis passes the coordinates to the Intelligence Portal, which creates a query with the appropriate item types preselected and the geospatial constraint applied. Then, in the Intelligence Portal, you configure any additional conditions and run the search.

If you do not want to limit your search to a geographical location, you skip the first step and begin by creating your query directly in the Intelligence Portal.

Refining your search

When you run your search, a summary of the initial results is displayed in the Intelligence Portal and the total number of results is indicated. Depending on the reports that are configured by your system administrator, the results summary might be presented as a table or a visual representation, such as a graph or histogram.

You can filter the items based on their properties to refine your search and reduce the results set. For example, you might reduce the results that are found for a call detail record search by filtering out all communication types other than voice calls. Each time that you apply a filter, the summary results are updated.

Analyzing the results

To analyze results in greater detail, you can browse the items in the Intelligence Portal or add the items to a chart. By browsing search results and adding them to a chart, you can view and work with the items from your filtered search results.

You can analyze the items by using the Enterprise Insight Analysis Expand and Find Path analytics. Each time that you use one of the analytics, you receive another set of summary results in the Intelligence Portal that you can filter, browse, and add to a chart.

When items are on a chart, you can use IBM InfoSphere Identity Insight to detect relationships between the items in your results and other items in the data. If you find any entities or networks of interest, you can also add these items to the chart.

When your analysis is complete, you can save the entities and links that you found, and any charts that you created, to the Analysis Repository. By storing items in the Analysis Repository, you can return to your analysis later or share the results with others.

Defining the area for a geographical search

When you search the Information Store, you can restrict your search to a geographical area that you define.
If you want to apply a geospatial constraint, you must specify the search area before you configure any other search conditions.

Before you begin

To search for entities and links by their location, you must connect to an appropriate Esri ArcGIS server that provides maps of the regions in which you are interested. The ArcGIS server might also offer dynamic map layers that contain information that is of use to your investigation. For example, if you are analyzing call detail records, then you might connect to an ArcGIS server that contains a dynamic map layer that shows base transceiver station sites. For more information about connecting Analyst's Notebook to an ArcGIS server, see the Analyst's Notebook Connector for Esri documentation.

About this task

When you search the Information Store for items that are related to a particular location, you must start by defining an area on a map in Analyst's Notebook Connector for Esri. Then, you must run the search in the Intelligence Portal. You cannot add geospatial constraints to a search in the Intelligence Portal.

Procedure

1. In Analyst's Notebook Connector for Esri, display a map or mapping layer for the region that you want to search. For more information about working with maps in Analyst's Notebook, see the Analyst's Notebook Connector for Esri documentation.
2. Select a tool that can draw enclosed shapes, such as Circle, Rectangle, or Polygon, and draw a shape that covers the area of the map that you want to search. You must define a single, enclosed shape that covers your area of interest. You cannot search for information on a line or at a point on a map, and you cannot create search areas from multiple shapes.
3. Right-click the shape and then select a search option. The two options that are available by default search call detail records and network location data. However, your system administrator might provide other options.

Results

Enterprise Insight Analysis opens a search tab in the Intelligence Portal with the appropriate item types added and the geospatial constraint applied.

What to do next

Configure and run your query in the Intelligence Portal.

Configuring queries

You can search the Information Store for entities and links. To define your search conditions, you draw a network that contains the item type for which you are searching, and set constraints on the item property values.

Before you begin

If you want to search within an area on a map, you must define the search area before you configure your query. When you specify an area of interest in Analyst's Notebook Connector for Esri and start a search, a search tab opens with the appropriate item types added and the geospatial constraint applied.

Procedure

1. If an Intelligence Portal Information Store query tab is not already open, access the Intelligence Portal and on the toolbar, click Advanced > Information Store query.
2. Create your query by dragging entity types from the palette to the query surface. The Any entity type represents any entity that is valid in the context of the links and other entities to which it is connected. For example, an Any entity that is linked to a Person entity through an Owns link might be an Address, a Communication Device, or a Vehicle, but cannot be another Person. The entity and link types that are valid in any particular situation are determined by the schema.
3. Add links by selecting two entities and clicking Link. By default, the Any link type is added, which includes all the link types that are valid for the selected entities, according to the schema. If only a single link type is valid, the link is automatically set to a specific type. If no valid link type exists to connect the entities that you select, the Link option is disabled. You can add multiple links between two entities to specify that links of all the selected types must be present between the two entities for a match to occur. If you configure multiple links, ensure that each valid link type is not assigned to more than one link. You cannot specify the same link type for multiple links between two entities and you cannot include a link of type Any as one of multiple links.
4. To change a link of type Any to a link of one or more specific types, double-click the link and complete the following steps:
   a. In the Edit window, click Any valid link type.
   b. In the "Link type selector" window, click Specific types and select the link types that you want to include in your query. By default, all the available link types are selected. Click a link type to remove that link type from your query. If you select more than one but not all the available link types, the link changes to a Mixed link. When you run your search, the query attempts to match any of the link types that are specified in a Mixed link.
   c. Click OK in the "Link type selector" window and then OK again in the Edit window.
5. To define search conditions for an entity or link, select the item, click Edit, and complete the following steps:
   a. To constrain your search by the number of items that are connected to an entity, under Conditions, select an operator, and enter the value for the count condition. You can add a count condition to a query to find entities that are connected to a specific number of other entities. For example, you might want to search for phones that made calls to 20 different phones over a particular time period of interest. When you apply a count condition to a link, you search for entities with a specific number of links. For example, you might want to search for phones that made more than 20 calls to a particular phone. You can apply a count condition to one item only in each query, which means it is not possible to include more than one count condition in a query. For more information about count conditions, see Query count conditions.
   b. To constrain your search by an item property, select a property type from the list under Enter a search condition. You can apply search conditions only to entities and links with a single assigned item type. You cannot apply search conditions to entities of type Any, or to links of type Any or Mixed.
   c. Select the type of operator to use and enter the property value or values for which to search. For more information about the match operators, see Search and filter operators.
   d. Click Insert. Your search condition is added in the "Enter a search condition" pane.
   e. Repeat the preceding steps to add more search conditions to the item. You can disable and enable search conditions by clicking Turn condition off or Turn condition on next to each condition. Toggle conditions to quickly run searches with different combinations without having to remove and reenter the conditions. To permanently remove a condition from your search, click Remove condition next to the condition that you want to delete.
   f. After you configure all the required conditions, click OK. The active search conditions that are applied to the item properties are displayed beneath the item on the query surface.
6. Select from the Item types to search for list the entity or link in your query for which you want to search. You can search for only one of the items in your query and that item must be of a specific type. You cannot search for entities of type Any, or for links of type Any or Mixed. Only those items in your query for which you can search are available for selection in the Item types to search for list. If Enterprise Insight Analysis cannot search for any of the items in your query, the Item types to search for list displays the message No valid item types.
7. Click Search.

Results

Enterprise Insight Analysis displays a summary of the results on the "View results" page of the Intelligence Portal search tab. The summary might consist of some or all of the results in a table, or a visual representation such as a graph or histogram. The total number of results is shown at the top of the page.

What to do next

You can filter the items based on their properties to refine your search and reduce the results set. Alternatively, return to the "Design query" page of the search tab, add more conditions, and run your search again. When you have a set of data to work with, you can browse the results or add them to a chart. You can save your query in the Analysis Repository for later use, or to share it with others.

Saving queries

To retain a valid query for reference or further use, save it in the Analysis Repository. Stored queries can be organized and made available to others.

Procedure

1. Optional: Before you save a query, edit the entity and link labels to provide more information for other users. To edit a label, select the item on the query surface and click Edit. In the Label field, enter a descriptive name for the item in the context of your query. When you add entities and links to a query, generic labels are automatically applied. These generic labels do not reflect any item type constraints or search conditions that you might add. For example, you might search for entities that connect two individuals by creating a query that includes two Person entities that are configured with appropriate search conditions. By editing the entity labels to include the names of the individuals, you can help identify which entity represents which person.
2. On the left side of the Information Store query tab, click Properties.
3. Enter a name and optionally, a description for your query, plus any additional source information that is relevant.
4. Optional: If you do not want to apply the default information grade settings for the name or description, click the arrow to the right of the appropriate field. Select the Override default grades check box, select grades from the lists, and then click OK. Grades indicate the quality of the information that is represented by an item and might not be relevant to your query. For more information, see Setting grades on property values.
5. On the left side of the Information Store query tab, click Security.
6. Configure the security settings to determine the level of access to your query for users. Depending on the configuration of your Analysis Repository, you either use security tags or set the security permissions manually. For more information, see Security in the repository.
7. Optional: Enter a signpost message that indicates how users without the necessary security clearance can request access to, or more information about, your query. For more information about signpost messages, see Signpost messages.
8. Optional: If you want to add your query to an Analysis Repository set when you save the query, select the Add to set check box. You can use sets to group related items. You might create a set to contain all your queries, or to collect queries and other information that relate to a specific investigation.
9. Click Save to save a new query or to save your changes to an existing query in the Analysis Repository. To save changes to an existing query as a new query without updating the original, click Save as and then click Save on the new Information Store query tab that opens. For more information about saving queries in the Analysis Repository, see Saving a visual query.
10. Optional: Enter a comment to appear in the version history of the query. If you decided to add your query to a set, locate and select an existing set or create a new set in the Analysis Repository. Then, enter a comment for the set.

Results

Your query is saved in the Analysis Repository and is available for other users to find, use, and modify, subject to the appropriate security permissions. The query is added to the Recent Information Store queries list that appears when you click Advanced on the Intelligence Portal toolbar. Other users can find your query by searching or browsing the Analysis Repository. The query can be used to search only the Information Store and cannot be used with any other data sources. For more information about editing shared queries, see Concurrent editing of visual queries.

What to do next

If you added your query to a set, you can create and subscribe to an alert feed to receive notifications in the Intelligence Portal when changes are made to that set. For more information, see Alerting on items. If you no longer need your query, you can delete or purge it from the Analysis Repository. For more information, see Remove items, charts, or sets from the Analysis Repository.

Refining search results After you search the Information Store, you can filter the initial results based on the properties of the entities and links that are found. By filtering the results, you can refine your search, producing a manageable set of results for further analysis. About this task When you search the Information Store, Enterprise Insight Analysis does not return the full set of results immediately. Instead, a summary of the results is displayed on the "View results" page of the Intelligence Portal search tab. The total number of results that are returned by the search is indicated, but every item that is found is not necessarily displayed. The format in which your results are displayed depends on the views that your system administrator provides, which might include tables, graphs, and histograms. The results summary is stored only temporarily and is discarded when you close the tab. Procedure 1. On the "View results" page of the Information Store query tab, display any filters that your system administrator provides and specify values for the properties by which you want to filter your results. 2. Apply the filters to run your search again with the additional constraints that you configured. Enterprise Insight Analysis updates the summary results on the "View results" page. What to do next When you have a set of results that you want to analyze further, browse the results or add them to a chart to view and work with all the items in the Intelligence Portal or Analyst's Notebook. You must reduce your results set to fewer than the maximum number of items that is defined by your system administrator to send the results to the Intelligence Portal or Analyst's Notebook. Browsing search results and adding them to a chart To analyze the results of an Information Store search, you can view the entities and links on an Intelligence Portal Browse tab or add the items to an Analyst's Notebook chart. 
Procedure v To view and work with all the items from your filtered search results in the Intelligence Portal, on the "View results" page of the Information Store query tab, click Browse these results. Enter a name for your results set and click OK. The Intelligence Portal displays your search results on a new Browse tab. Chapter 2. Enterprise Insight Analysis Onyx Information Store workflow 11

v To view and work with all the items from your filtered search results on an Analyst's Notebook chart, on the "View results" page of the Information Store query tab, click Add to chart. Analyst's Notebook adds your search results to the currently active chart, or if no charts are open, creates a new chart. v To send all the items from an Intelligence Portal Browse tab to an Analyst's Notebook chart, choose one of the following options: To add all of the entities and links in your results to the currently active chart, click Add results list to chart. If no charts are open, Analyst's Notebook creates a new chart. To add all of the entities and links in your results to a new chart, right-click Add results list to chart and select Add results list to new chart. v To send a subset of the items from an Intelligence Portal Browse tab to an Analyst's Notebook chart, select the items that you want to visualize and then choose one of the following options: To add the selected entities and links to the currently active chart, click Add selection to chart. If no charts are open, Analyst's Notebook creates a new chart. To add the selected entities and links to a new chart, right-click Add selection to chart and select Add selection to new chart. To add the selected items and all the entities and links that are directly connected to the selected items to the currently active chart, right-click Add selection to chart and select Expand selection to chart. If no charts are open, Analyst's Notebook creates a new chart. To add the selected items and all the entities and links that are directly connected to the selected items to a new chart, right-click Add selection to chart and select Expand selection to new chart. What to do next You can use the Expand and Find Path analytics to discover relationships between entities in the results and items in the Information Store. 
You can also analyze your search results by using the other tools in the Intelligence Portal and Analyst's Notebook. The search results are stored only temporarily and are discarded when you close the Intelligence Portal tab. If you need to retain your results for future reference, you can save the entities and links that you found, and any charts that you created, to the Analysis Repository.

Enterprise Insight Analysis analytics

You can use the analytics included with Enterprise Insight Analysis to investigate your search results in the Intelligence Portal and Analyst's Notebook. You can discover other entities and links in the Information Store that are related to entities in your search results.

Enterprise Insight Analysis includes the following analytics:

Expand
  Search the Information Store for items that are directly connected to specific entities of interest. For example, as part of an investigation into potential malicious activity, you might want to find all the systems, accounts, and company assets to which a particular user has direct access.

Find Path
  Search the Information Store for items that indirectly connect two entities of interest. For example, as part of a fraud investigation, you might want to find bank accounts that are acting as intermediaries in the transfer of funds between two suspect accounts.

When you view entities from your search results on an Intelligence Portal Browse tab or an Analyst's Notebook chart, you can use these analytics to investigate the relationships of entities in the Information Store. You receive a new results summary on an Intelligence Portal tab when you run an analytic.

Finding items connected to entities

When you use the Expand analytic to investigate entities, you search for other entities and links in the Information Store that are directly connected to the entities of interest. You can quickly identify the direct associations of specific entities.

About this task

You can use the Expand analytic to investigate entities from the Information Store only. To use the analytic, you must browse the entities in the Intelligence Portal or add the entities to an Analyst's Notebook chart. The Enterprise Insight Analysis Expand analytic is not available for you to use with any other data sources.

Procedure

1. On an Intelligence Portal Browse tab or an Analyst's Notebook chart, select the entities in which you are interested. Right-click any of your chosen entities and select Expand in the Intelligence Portal or Information Store > Expand in Analyst's Notebook. The Intelligence Portal displays a new Expand tab.
2. If you want to constrain your search to a specific time period, on the "Configure expand" page of the new tab, select the Filter by date where available check box. Then, enter a date range to search in the Link date range fields. By default, the only links that have date properties are Communicates With links.

3. Click Expand. Enterprise Insight Analysis displays a summary of the results from the analytic on the Expand tab. The summary might consist of some or all of the results in a table, or a visual representation such as a graph or histogram. The total number of results is shown at the top of the page.
4. If you want to filter the results that are returned by the Expand analytic, complete the following steps:
   a. Display any filters that your system administrator provides and specify values for the properties by which you want to filter your results.
   b. Apply the filters to run the Expand analytic again with the additional constraints that you configured. Enterprise Insight Analysis updates the summary results on the Expand tab.
5. To analyze your results further and view all the items that are returned by the analytic, choose one of the following options:
   - To view and work with the entities and links in the Intelligence Portal, click Browse these results. Enter a name for your results set and click OK. The Intelligence Portal displays the results of your analysis on a new Browse tab.
   - To view and work with the entities and links on an Analyst's Notebook chart, click Add to chart. Analyst's Notebook adds the results of your analysis to the currently active chart, or if no charts are open, creates a new chart.

What to do next

With the results of the analytic displayed on an Intelligence Portal Browse tab or an Analyst's Notebook chart, you can use the Expand analytic again or the Find Path analytic. You can also analyze your results by using the other tools in the Intelligence Portal and Analyst's Notebook. The results are stored only temporarily and are discarded when you close the Intelligence Portal tab. If you need to retain your results for future reference, you can save the entities and links that you found, and any charts that you created, to the Analysis Repository.

Finding paths between two entities

When you use the Find Path analytic to investigate two entities, you search the Information Store for chains of entities and links that connect the entities of interest. You can find the intermediaries that indirectly connect two specific entities.

About this task

You can use the Find Path analytic to investigate entities from the Information Store only. To use the analytic, you must browse the entities in the Intelligence Portal or add the entities to an Analyst's Notebook chart. The Enterprise Insight Analysis Find Path analytic is not available for you to use with any other data sources.

Procedure

1. On an Intelligence Portal Browse tab or an Analyst's Notebook chart, select the two entities in which you are interested. Right-click either entity and select Find path in the Intelligence Portal or Information Store > Find Path in Analyst's Notebook. The Intelligence Portal displays a new Find path tab.
2. On the Configure find path page of the new tab, select the type of path:
   - To identify the paths between the selected entities that contain the minimum number of items, select the Return shortest paths only check box.
     Note: If you are only interested in the most direct paths between the selected entities, use this option.
   - To identify all paths of a specific length or shorter, set the maximum number of links in the paths by moving the Maximum path length slider.
     Note: If you are interested in the number and nature of the connections between the selected entities up to a specific degree of separation, select this option.
3. If you want to constrain your search to a specific time period, select the Filter by date where available check box. Then, enter a date range to search in the Link date range fields. By default, the only links that have date properties are Communicates With links.
4. Click Find path. Enterprise Insight Analysis displays a summary of the results from the analytic on the Find path tab. The summary might consist of some or all of the results in a table, or a visual representation such as a graph or histogram. The total number of results is shown at the top of the page.

5. To analyze your results further and view all the items in the paths that are returned by the analytic, choose one of the following options:
   - To view and work with the entities and links in the Intelligence Portal, click Browse these results. Enter a name for your results set and click OK. The Intelligence Portal displays the results of your analysis on a new Browse tab.
   - To view and work with the entities and links on an Analyst's Notebook chart, click Add to chart. Analyst's Notebook adds the results of your analysis to the currently active chart, or if no charts are open, creates a new chart. Add to chart is only displayed if you opened the Intelligence Portal from Analyst's Notebook.

What to do next

With the results of the analytic displayed on an Intelligence Portal Browse tab or an Analyst's Notebook chart, you can use the Find Path analytic again or the Expand analytic. You can also analyze your results by using the other tools in the Intelligence Portal and Analyst's Notebook. The results are stored only temporarily and are discarded when you close the Intelligence Portal tab. If you need to retain your results for future reference, you can save the entities and links that you found, and any charts that you created, to the Analysis Repository.

Storing results in the Analysis Repository

To share the results of your analysis with others and make the intelligence available to subsequent investigations, copy entities and links to the Analysis Repository, and upload any charts that you created.

Procedure

- To copy entities and links from the Intelligence Portal to the Analysis Repository, select the items on the Intelligence Portal Browse tab and then click Copy to Analysis Repository.
- To copy entities and links from an Analyst's Notebook chart to the Analysis Repository, select the items in the chart. Right-click a selected item and select Information Store > Upload Selected Items. For more information about copying items from a chart to the Analysis Repository, see Uploading Analyst's Notebook chart items to a repository.
- To upload a chart from Analyst's Notebook to the Analysis Repository, in the Data Sources pane, select the Analysis Repository. Then, on the Options tab, click Upload Chart. For more information about uploading charts to the Analysis Repository, see Managing charts.

Results

When you copy an entity or link from the Information Store, a new, separate version of the item is created in the Analysis Repository. The existence of independent items results in the following behavior:

- If you edit the item in the Analysis Repository, those changes are not reflected in the Information Store item.

- If the item in the Information Store is updated or removed, you must make the corresponding changes manually if you want to update or remove the Analysis Repository item.
- If you copy an item from the Information Store to the Analysis Repository that was already copied, a duplicate item is created. The existing item in the Analysis Repository is not merged with the duplicate or updated.
- If you apply security settings to an item that you copy from the Information Store to the Analysis Repository, the security settings do not apply to the original item in the Information Store. As a result, users who do not have appropriate privileges to access the Analysis Repository item but who are able to search the Information Store can potentially access the restricted data by viewing the original item.

When you search or browse items that were copied to the Analysis Repository, you can view the corresponding item in the Information Store by right-clicking the item and selecting Open Information Store item. This option is disabled if the item does not originate from the Information Store or was not copied to the Analysis Repository.
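
The behavior listed under Results can be checked mechanically if you record, for each Analysis Repository copy, which Information Store item it came from. The following Python example is added here and is not IBM code or part of the product: the record layout, revision numbers, reader sets, and all identifiers are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class StoreItem:
    """Information Store item (constructed record layout, not the product's schema)."""
    item_id: str
    revision: int
    readers: frozenset  # users who can find the item by searching the Information Store


@dataclass(frozen=True)
class RepoCopy:
    """Analysis Repository copy, with the provenance an auditor would have to record."""
    copy_id: str
    source_id: str        # Information Store item that the copy was made from
    source_revision: int  # revision of the original at copy time
    readers: frozenset    # users allowed to see the copy after its security settings


def audit_copies(store, copies):
    """Return sorted (finding, copy_id, detail) tuples for copies that need attention."""
    by_source = defaultdict(list)
    for item in copies:
        by_source[item.source_id].append(item)

    findings = []
    for source_id, group in by_source.items():
        original = store.get(source_id)
        for item in group:
            # Copying an already-copied item creates a second item; nothing is merged.
            if len(group) > 1:
                others = ",".join(sorted(c.copy_id for c in group if c.copy_id != item.copy_id))
                findings.append(("duplicate", item.copy_id, others))
            # Removal or update of the original is never propagated to the copy.
            if original is None:
                findings.append(("source_removed", item.copy_id, source_id))
                continue
            if original.revision != item.source_revision:
                drift = f"{item.source_revision}->{original.revision}"
                findings.append(("source_updated", item.copy_id, drift))
            # Restricting the copy leaves the original open to Information Store searchers.
            exposed = original.readers - item.readers
            if exposed:
                findings.append(("restriction_bypass", item.copy_id, ",".join(sorted(exposed))))
    return sorted(findings)


# Constructed sample data (not exported from a real deployment).
STORE = {
    "IS-1": StoreItem("IS-1", 3, frozenset({"alice", "bob", "carol"})),
    "IS-2": StoreItem("IS-2", 1, frozenset({"alice", "bob"})),
}
COPIES = [
    RepoCopy("AR-10", "IS-1", 2, frozenset({"alice"})),
    RepoCopy("AR-11", "IS-1", 3, frozenset({"alice", "bob", "carol"})),
    RepoCopy("AR-12", "IS-2", 1, frozenset({"alice", "bob"})),
    RepoCopy("AR-13", "IS-9", 1, frozenset({"alice"})),
]
```

A `restriction_bypass` finding lists the users who cannot read the copy but can still reach the same data through the original, which is the case the last Results item describes.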


Notices

Copyright IBM Corp. 2014, 2016

This information was developed for products and services offered in Israel and in the U.S.A. only. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM United Kingdom Limited
Hursley House
Hursley Park
Winchester, Hants, SO21 2JN
UK

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.
COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at http://www.ibm.com/legal/copytrade.shtml.

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Other names may be trademarks of their respective owners. Other company, product, and service names may be trademarks or service marks of others.