Omni (Beta)
Written by Arick Disilva
Updated over a week ago

By using this beta feature, you acknowledge that:

  • Not all functionalities might work as expected.

  • Teramind will not be responsible for any data loss or harm caused by your use of this feature.

  • The feature is a work in progress and as such might change in the final release or it might not be released at all.

  • Technical support will be limited for this feature.

Please provide your feedback and suggestions via the Teramind Wishlist portal.

“Omni” stands for ‘all’ or ‘universal’. It’s our very first AI/ML module, and it is currently in public beta.

Omni provides a snapshot view of the most critical insights and incidents about your organization in a social media-like (think Facebook newsfeed) interface with scrolling video feeds.

It’s an oversight tool that will help business owners and managers keep an eye on the organization’s productivity and security without digging through detailed reports. It’s also a powerful investigation tool that your analysts can use to identify threats, detect anomalies, flag fraud, etc., and to conduct forensic investigations and case management for data leak incidents.

Insight Summary

On the top-left corner of Omni’s main screen, you will see a donut graph that shows the total number of insights for the selected period along with a breakdown of risk levels. Currently, the risks are derived from the behavior rules’ risk fields, but in the future they will include other indices.

Interaction History

The Interaction History on the left panel shows a list of insights/alerts you have decided to Mute or Dismiss (see below). This way you can unmute or re-enable an insight/alert if you want to. Note that the unmute/re-enable feature isn’t implemented yet.

Feeds

The main feed area shows a scrollable list of insights and alerts for all users by default (you can apply filters to change the feed, see below).

On the top-left corner of a feed, you will see details of the particular feed including the Insight Type, duration, and the trigger that caused the incident.

Single vs. Aggregated Feeds

If a feed shows the Stack icon, it is an aggregated feed (a combination of similar feeds within a given time frame). The video for an aggregated feed is usually longer than the video for an individual insight/alert feed.

Session (Video) Player

The video player works like the Session Player with similar play/pause and other playback controls.

Filters

Click the Filter button to bring up the Filter panel on the right. These are filters you can apply to the feed:

Employee

You can select All, a single employee, or multiple employees to filter the feed.

Source

Omni draws its information from two sources:

  • Insights: This source is AI/ML driven. It analyzes the raw data that Teramind Agents collect and derives anomalies, patterns, and context. An example is activity falsification by users with the intent of time theft. Currently, this source has only one item, “Activity Falsification”, but we will add more in the future.

  • Behavior Rule Alerts: These are our usual behavior rule alerts. However, one key difference between BI > Alerts and Omni is that, in addition to showing individual alerts, Omni can aggregate and summarize repeating offenses (drip incidents) into a single point of interest, minimizing investigation time and effort.

You can apply one or more source filters to the feed.

Insight Category

If the Source is “Insights”, it will show you individual insights, for example, “Activity Falsification”. If you choose “Behavior Rule Alerts” as the Source, then it will show all the behavior policies you created under the Behavior > Policies screen.

You can apply one or more category filters to the feed.

Insight Type

Shows individual insights under a category. For example, if your Source is “Insights” and your Category is “Activity Falsification”, you will see two types: “Key pressing” and “Inorganic mouse movement”.

You can apply one or more type filters to the feed.

Dismiss / Mute

Dismiss

The Dismiss button works like an ignore button and applies to a single insight/alert. It’s a quick way to ignore false positives:

When you dismiss a feed, you will see a pop-up feedback window:

This feedback will help Teramind understand which types of insights/alerts are effective and which are not, whether an item is a false positive, etc., and tune the AI/ML engine for better detection in the future.

Mute

The Mute button will hide an entire Insight Type:

You can mute the insight/alert type for yourself, for the agent/employee that triggered the insights/alerts, or for the entire organization.

When you mute a feed, you will see a pop-up feedback window:

This feedback will help Teramind understand which types of insights/alerts are effective and which are not, whether an item is a false positive, etc., and tune the AI/ML engine for better detection in the future.

Investigate

When you click the Investigate button, it will take you to a new screen. Depending on the Insight Type, you might see slightly different screens:

Details / History

The Details view shows details about the incident while the History view shows comments and actions (e.g., mute/dismiss) you and others have taken on the incident:

Dismiss/Mute

These buttons work similarly to the Dismiss/Mute buttons on the main Omni screen.

Comments

This button works similarly to the Comments button on the main screen.

Session (Video) Player

The Session (Video) Player works similarly to the Session (Video) Player on the main screen.

Insight Details / General Activity

Insight Details shows details about the incident while General Activity shows all the user activities (e.g., App activity, Web activity, Keystrokes, Alerts, etc.) leading up to the incident:

Like the BI Report’s Grid widget, you can configure the columns to be displayed.

The Insight Details tab shows different information depending on the Source. For example, if the Source is “Insights”, you will see more information about the insight. If it’s “Behavior Rule Alerts”, you will see the rule alert(s) on this tab.

Comments

The Comment button will show a red dot if there are existing comments attached to the feed:

If you click the button, a pop-up window will open where you will see comments by you and others:

Sorting the Feeds

The Sort by feature allows you to sort the feeds in different ways:

  • Recommended: This order is suggested by an algorithm based on recency, severity, duration, and other factors.

  • Highest Priority: Highest-risk events on top.

  • Newest First: Newer events on top.

  • Oldest First: Older events on top.
