By using this beta feature, you acknowledge that:
Not all functionalities might work as expected.
Teramind will not be responsible for any data loss or harm caused by your use of this feature.
The feature is a work in progress and as such might change in the final release or it might not be released at all.
Technical support will be limited for this feature.
Please provide your feedback and suggestions via the Teramind Wishlist portal.
“OMNI” stands for ‘all’ or ‘universal’. It’s an AI/ML module that’s currently in public beta.
OMNI provides a snapshot view of the most critical insights and incidents about your organization in a social media-like (think Facebook newsfeed) interface with scrolling video feeds.
It’s an oversight tool that helps business owners and managers keep an eye on the organization’s productivity and security without digging through detailed reports. It’s also a powerful investigation tool that your analysts can use to identify threats, detect anomalies, flag fraud, etc., and to conduct forensic investigations and case management for data leak incidents.
3. Feeds
4. Filters
5. Dismiss/Mute
6. Investigate
7. Comments
8. Sort Feeds
Insight Summary
On the top-left corner of OMNI's main screen, you will see a donut graph that shows the total number of insights for the selected period along with a breakdown of risk levels. Currently, the risks are derived from the behavior rules’ risk fields but in the future, it will include other indices.
Interaction History
The Interaction History on the left panel shows a list of insights/alerts you have decided to Mute or Dismiss (see below). This way you can unmute or enable the insight/alert again if wanted. Note that the unmute/reenable feature isn’t implemented yet.
Feeds
The main feed area shows a scrollable list of insights and alerts for all users by default (you can apply filters to change the feed, see below).
On the top-left corner of a feed, you will see details of the particular feed including the Insight Type, duration, and the trigger that caused the incident.
Single vs. Aggregated Feeds
If a feed shows the Stack icon, it is an aggregated feed (a combination of similar feeds within a given time frame). The video for an aggregated feed is usually longer than individual insight/alert feeds.
Session (Video) Player
The video player works like the Session Player with similar play/pause and other playback controls.
Filters
Click the Filter button to bring up the Filter panel on the right. These are filters you can apply to the feed:
Employee
You can select All, a single employee, or multiple employees to filter the feed.
Source
OMNI draws its information from two sources:
Insights: This is AI/ML driven and analyzes the raw data that Teramind Agents collect and derives anomalies, patterns, and context. For example, activity falsification by users with the intent of time theft. Currently, this has only one item, “Activity Falsification”, but we will add more in the future.
Behavior Rule Alerts: these are our usual behavior rule alerts. However, one key difference between the BI > Alerts and OMNI’s insight is that, in addition to showing individual alerts, it can aggregate and summarize repeating offenses (drip incidents) into a single point of interest – minimizing investigation time and efforts.
Note that for a rule alert to show up on the OMNI feed, you will have to enable the “Display in OMNI feed” option from the rule’s General tab.
You can apply one or more source filters to the feed.
Insight Category
If the Source is “Insights”, it will show you individual insights, for example, “Activity Falsification”. If you choose “Behavior Rule Alerts” as the Source, then it will show all the behavior policies you created under the Behavior > Policies screen.
You can apply one or more category filters to the feed.
Insight Type
Shows individual insights under a category. For example, if your Source=“Insights” and Category=“Activity Falsification”, you will see two types, “Key pressing” and “Inorganic mouse movement”.
You can apply one or more type filters to the feed.
Dismiss / Mute
Dismiss
The Dismiss button works like an ignore button and applies to a single insight/alert. It’s a quick way to ignore false positives:
When you dismiss a feed, you will see a pop-up feedback window:
This feedback will help Teramind understand what type of insights/alerts are effective or not, if it’s a false positive, etc., and tune the AI/ML engine for better detection in the future.
Mute
The Mute button will hide an entire Insight Type:
You can mute the insight/alert type in three ways:
You won’t see this type of insight in your feed anymore
You won’t see this type of insight for this employee in your feed anymore
No one in the organization will see this type of insight in their feeds anymore
When you mute a feed, you will see a pop-up feedback window:
This feedback will help Teramind understand what type of insights/alerts are effective or not, if it’s a false positive, etc., and tune the AI/ML engine for better detection in the future.
Investigate
When you click the Investigate button, it will take you to a new screen. Depending on the Insight Type, you might see slightly different screens:
2. Dismiss/Mute
3. Comment
Overview / Team Activity
The Overview tab shows details about the incident while the Team Activity tab shows comments and actions (e.g., mute/dismiss) you and others have taken on the incident:
Dismiss/Mute
These buttons work similarly to the Dismiss/Mute buttons on the main OMNI screen.
Comments
This button works similarly to the Comments button on the main screen.
Session (Video) Player
The Session (Video) Player works similarly to the Session (Video) Player on the main screen.
Insight Details / General Activity
Insight Details shows details about the incident while General Activity shows all the user activities (e.g., App activity, Web activity, Keystrokes, Alerts, etc.) leading up to the incident:
Like the BI Report’s Grid widget, you can configure the columns to be displayed.
The Insight Details tab shows different information depending on the Source. For example, if the Source is “Insights”, you will see more information about the insight. If it’s “Behavior Rule Alerts”, you will see rule alert(s) on this tab.
Comments
The Comment button will show a red dot if there are existing comments attached to the feed:
If you click the button, a pop-up window will open where you will see comments by you and others:
Sorting the Feeds
The Sort by feature allows you to sort the feeds in different ways:
Recommended: This is suggested by an algorithm based on the recency, severity, duration, and other factors.
Highest Priority: Highest-risk events on top.
Newest First: Newer events on top.
Oldest First: Older events on top.