Visual families specify the relationship between the entities and protagonists from the third-party applications.
The family is attached to a specific event / product in the Event Configuration > Visualization screen. The family is then displayed in the Explore Cases screen for each event, product or source so that the analyst can see who did what and when.
The Visual Families screen is where you can configure the family’s fields and relationships.
To clone or create a visual family:
- Navigate to Settings > Ontology > Visual Families.
- Either select one of the existing visual families and click the Duplicate icon on the top right. (Or select the plus icon and create a new family from scratch).
- In the Family Rules screen that opens, edit the relevant information by either selecting a row and clicking on Edit icon. Or click on the plus icon to add a new family rule.
- Enter the relevant information. Primary to Fourth Source of where to take the Information and the Primary to Fourth Destination in Siemplify to send it to. Relation Type: Type (action) or Linked (connection). An action is when one entity does something to another entity (user sends an email). A connection simply means the two entities are related (user and the machine’s host name). In the Explore screen, the Type (action) is denoted by an arrow and Linked (connection) is denoted by a dotted line.
- Click Save.
- Make sure to click the Save icon the top right of the screen before exiting this screen!
Need more help with this?
Click here to open a Support ticket