Project Workspace
The Project Workspace is where IKANOW visualizations come to life using Dashboards, widgets, cascading scorecards, analysis views and reporting. Everything is grounded by powerful search/querying capabilities.
Getting Started
Your successfully ingested and curated Data Sources are added to projects to enable access, project collaboration, analysis views, and reporting. Projects are the main organizational unit in IKANOW Threat Analytics, and they are the context within which data is searched/queried, visualized, and shared.
Creating a Project
Creating a Project is a simple 4 step wizard-based procedure that creates a new Project and associates it with specific Data Sources, Users and User Groups.
To create a new project
- From the Threat Analytics interface, click on Select a Project at top left.
- At the bottom of the dropdown, click on Create New Project.
- Provide a name for your Project, and click on Next.
- From the list of "Available Data Groups" make your selections by clicking on the green plus icon. Once you have associated the Data Groups click on Next.
- From the list of "Available Users and User Groups" make your selections by clicking on the green plus icon. Once you have finished, click on Next.
- Review the information for your new Project. Provided you are happy, click on Save. To make any changes to the settings, click on Previous.
Querying the Sources
Once you have created a Project and associated the Data Groups, you can run searches within your Project Workspace, in order to view returned documents, and visualizations.
To query the Project Data
- Ensure that you are within the desired Project, by referencing the selected project at top left of the interface. To change to a new project, see the procedure below.
- Provided you are in the correct Project, enter your search term into the Search bar and click Enter. Any applicable documents are returned to the interface, corresponding to your query terms.
| Anchor | ||||
|---|---|---|---|---|
|
To select a project
- From the Threat Analytics interface, click on the name of the current project at top left.
- Find the project of choice in the dropdown menu.
- Select the project. You are taken into the new Project workspace, and your search results, as well as any open visualizations are updated accordingly to reflect the data in the Project Data Groups.
Advanced Search and Filtering
When you run queries against your data sources, it is possible to use Advanced Search, for advanced filtering capabilities. Filtering enables you to narrow your results by applying constraints around Entities, Tags, Verb categories, and Weightings.
To use the advanced query builder
- From the Search results, click on Filter Results. It is also possible to access the settings by clicking Advanced Search next to the Search bar.
- Configure the filters, as described in the table below. Based on the various settings, the search results are filtered accordingly.
Filter Description Entities Search results can be easily filtered by entity type so that only documents including those entity types are returned to Dashboards, score cards etc. For example, filter by person, company, product, location etc.
Tags When sources are added to the platform tags can be applied. These tags can then be used to limit a query to a subset of documents within a Project based on document tags.
Verb Categories You can filter returned associations by using verb types. For example, you can only return associations with the verb category "travel," to encompass associations with verbs such as "flew" and "drove".
Weightings In scoring, weightings enable you to further alter query output results. For example, you can set a central point in time, around which results are promoted. For more information see below.
- Click on Search. The advanced query is executed against the sources and the results are returned.
| Anchor | ||||
|---|---|---|---|---|
|
You can set a central date (date and time) around which results will be promoted. Results after that central point in time are demoted as per the half-life setting.
Example: 1m (one month) time decay - results within 1 month of the entered date are promoted to top of results; results between 1 to 2 months from decay time are halved; results 2 to 3 months from decay time are quartered, etc.
Saving and Loading Advanced Queries
You can save useful queries for re-use.
Exporting a Query
todo
Importing a Query
todo
Reports and Buckets
About reports and buckets
Adding Documents to a Report
To add documents to a report
Adding Documents to a Bucket
To add documents to a bucket
| Panel | ||||||
|---|---|---|---|---|---|---|
In this section:
|
| Panel |
|---|
Related Documentation:
|
| Panel |
|---|
|