Siren, the provider of Investigative Intelligence analytics, announced the release of Siren 10.5. The latest version of Siren features several notable improvements, including the ability to fuse big local data with results returned dynamically by remote web services – a capability Siren calls Knowledge Graph “augment on demand”.
Dr. Giovanni Tummarello, Founder and Chief Product Officer at Siren, said: “With Siren, a data model is used to virtually connect organizational data – from DBs to Elasticsearch clusters – as a single knowledge graph. Siren 10.5 introduces drivers that connect external web services to this knowledge graph so that it can grow as investigators ask questions.”
Dr. Tummarello continues: “Imagine that at a certain point in your investigation you target an IP, or a company or a nickname. You can now invoke external web services like VirusTotal, Shodan and WebHose to fetch intel, which can be incredibly useful to create new connections with other data to paint a fuller picture.
“No other software has such effective big data/web service fusion, opening the door to an almost endless set of Investigative Intelligence scenarios.”
10.5 includes drivers for commonly used web services, but also provides documentation to enable developers to create their own web service driver for other APIs. Web services can form part of a graph, dashboard or alerting scripts, or new visual components.
AI features introduced and enhanced: Native NLP and knowledge graph
Flexibility and partner enablement are key elements of 10.5. Partners and customers can now, at speed, easily embed Siren into their own applications and create scripted workflows that coordinate actions to solve problems, with the least number of clicks.
Siren 10.5 also augments its out-of-the-box AI offering with a native Natural Language Processing (NLP) engine to increase knowledge graph capabilities. The NLP engine can preprocess any textual information that is accessible by Siren.
Delivered as an Elasticsearch ingestion pipeline plugin, it can enrich text fields with predefined taxonomies and annotation for named entities, such as organization, person, location, dates, monetary amounts, GPS coordinates, cyber security data, and many more.
Knowledge graph AI capabilities have been extended with the introduction of a “Common Communicator” graph algorithm. This enables users to find “what connects” three or more disjoint entities in the graph, e.g. three apparently disconnected persons, events, or other entities.
This new capability builds on functionality introduced in 10.4, extending the world’s first shortest path graph algorithm capable of running natively inside an Elasticsearch cluster.
Siren visual link analysis is now also capable of showing instant analytics on selections via scriptable “Card Visualizations” which can be configured to show upon selection of data.
SQL drivers and CDATA partnership
Alongside 10.5, Siren is also announcing a collaboration with CDATA, a leading provider of data connectors, and the availability of a JDBC/ODBC driver for the platform. The driver allows custom data exports for use in scripts and integrations.
Siren anticipates that the CDATA partnership will result in the availability of over 200 CDATA connectors to the platform – enabling Siren to use data from systems as diverse as Hive, Salesforce, Splunk, SharePoint and MongoDB.
Improved performance, UI and usability
Siren 10.5 enhances performance with a reduced web app bundle size and more efficient dashboard rendering, speeding up dashboard-switching scenarios by several seconds.
10.5 also includes the ability to set limits on searches, which prompts the user with a warning before they configure large joins or set broad filters. Back-end performance improvements have also been introduced for large, multi-index, multi-shard settings.
Enhancements to positional intelligence prompted by COVID-19 use cases
“We have been extremely proud to receive praise from Siren customers who have been using the platform in relation to COVID-19 use cases. This prompted us to accelerate the development of additional capabilities for positional intelligence that is applicable across many sectors,” said Dr. Tummarello.
Specifically, Siren can now deal with use cases tracking up to tens of millions of moving datapoints and answer complex questions on patterns, as well as generate alerts on complex conditions and show data coming from thousands of stored layers.
“The Positional Intelligence capabilities that have typically been made available to Law Enforcement and Intelligence required all data to be copied into new systems which leads to complexity and inflexible use cases,” comments Dr. Tummarello.
“With Siren 10.5 we were able to create ad hoc workflows for COVID position tracing in just a few days leaving the data where it originally was, large Elasticsearch installations.”
from Help Net Security https://ift.tt/2XTwYGv