Version: 2.11.X

Cogynt Workstation Widgets

A widget is a building block that performs a variety of analytical functions essential to event and data analysis. Widgets are placed within views and view templates that can be shared with other Workstation users.

Entity event inspection depends on the widget used, but the basic analyst workflow in Cogynt consists of three steps:

  1. Add widgets to views.
  2. Manage widget placement and size within a view.
  3. Drag events between widgets for further analysis.

The view will automatically scroll when an item is dragged to the upper or lower part of a screen.

Adding Widgets to Views

Widget usage can vary depending on events created in Cogynt Authoring and how they are processed by HCEP. For example, Link Analysis is reliant on events having established links (such as phone calls or emails) between each other, while the Interactive Map requires geographic data (such as coordinates).

For more information, see the following list of available Workstation widgets.

Tip

Once a view is created, it can contain any number of widgets (including duplicate widgets). For an ideal workflow, widgets should not exceed the height of the screen.

To add a widget to a view:

  1. In the lefthand drawer of any open view, click the grid icon to Add Widgets to the View. The lefthand panel changes to a list of widgets.
  2. Locate the widget to add to the view from the list, and then click +.
  3. Repeat Step 2 as needed for each desired widget.
  4. Click the close icon (X) beside Add Widgets to the View to close the drawer.

A view is updated and saved automatically as you add and manage the widgets housed within it.

Note

Renaming, resizing, or moving a widget within a view does not affect the widget for other users.

Renaming Widgets

Any widget can be renamed as needed to suit a specific view.

To rename a widget:

  1. From an open view containing widgets, locate the widget you wish to rename.
  2. Click the pencil icon and enter the new name.
  3. Click the checkmark when you are finished to save the changes, or click the cancel button (X) to discard them.

Resizing Widgets

Widgets placed within a view are resizable.

To resize any widget:

  1. Hover the cursor over the bottom-right of the widget. The cursor changes to a diagonal arrow (↘).
  2. Click and drag the widget to the desired height and width.

Maximizing and Minimizing Onscreen Widgets

A widget can occupy the full screen when focus is required.

To open widgets in fullscreen:

  1. In the top-right corner of the widget, click the green + button. The widget becomes full screen.
  2. In the top-right corner of the widget, click the orange - button. The fullscreen widget returns to the last configured size within the user's view.

Moving Widgets

Widgets can be moved as needed to further customize a view.

To move widgets:

  1. Hover the cursor over the top of the widget. The cursor changes to the move icon.
  2. Click and drag the widget to its new location.

Widgets are positioned dynamically, changing the layout as it is adjusted.

Deleting Widgets

When widgets are no longer needed, or have been added by mistake, they can be deleted.

To delete widgets:

  1. In the top-right corner of the widget, click the delete button (X).
  2. Confirm the deletion of the widget to remove it, or click Cancel to retain it.

Warning

A deleted widget can be recalled by adding it to a view, but settings pertaining to filtering and sorting are not preserved when a widget is deleted.

Dragging Data Between Widgets

Once widgets are sized and placed within a view, events and data can be dragged from one widget into another.

To drag data between widgets:

  1. Ensure at least two widgets are open within a view.
  2. Locate the drag icon. This icon can be present in the upper right of widgets, or to the left of events in the Event Stream widget. (Events added to collections do not have a drag icon. Click and drag the event to move it between widgets.)
  3. Click and drag the drag icon of the entity event into the other open widget. A semi-transparent rectangle visualizes the entity event you are dragging.
  4. The widget to be used becomes highlighted. Release the click, and the widget renders the data based on its type.

Finding Cogynt Widgets

This directory contains links to documentation for each widget available in Cogynt Workstation.

Event Stream Widget

The Event Stream widget displays recent events in chronological order, with the capability to search by event_title to specify particular events for further analysis in the Object Details Viewer. The Event Stream widget is fundamental to further analysis, as it allows Workstation users to drag and drop events into other widgets.

Object Details Viewer

The Object Details Viewer widget drills down into the details of an event, event notification, collection, or drilldown nodes. This widget is among the most common widgets in Workstation, and is required for viewing in-depth details for objects such as events. It is not uncommon to have multiple Object Details Viewer widgets on one view.

Notifications

The Notifications widget displays notifications that occur or have been recently updated based on a predefined risk_score and a selected time period. The Notification Stream's default view is reverse chronological order, but it is possible to filter only notification updates within a specific time period. Use the Object Details Viewer widget to review the details for an event notification.

Notifications Explorer

The Notifications Explorer widget displays up to 100 event notifications that Workstation has generated. There are various filters available to locate a set of specific event notifications. Use the Object Details Viewer widget to review the details for an event notification.

Collections

A Collection is a data object that empowers analysts to collaborate on the investigation of events. The Collections widget allows users to create, manage, and access collections in Workstation.

Link Analysis

The Link Analysis widget allows analysts to visualize a network diagram of linkages between entity events. This widget is only applicable if output from Authoring and HCEP includes this information.

Interactive Map

The Interactive Map widget plots events to an interactive map using geographic coordinates, either by manually selecting a set of events, or by creating rules that automatically stream events to a map. This widget is only applicable if output from Authoring and HCEP includes geographic data.

Drilldown

The Drilldown widget displays a hierarchical diagram that represents the event's full provenance. The Drilldown widget allows Workstation users to view the "why and how" of events as processed in HCEP at a glance. This widget is only applicable if Provenance is enabled for the related pattern in Authoring.

Risk Score History

The Risk Score History widget allows dragging and dropping events or event notifications into it to display a line/scatter graph that plots how risk has changed over time.

Event History

The Event History widget displays historical versions of an event to examine how the event has changed over time.