Version: 2.13.X

Cogynt Glossary

This document provides a collection of key Cogynt terms and their definitions.

Where appropriate, entries link to other terms in this glossary, or to relevant pages of Cogynt documentation.

A

Advanced Report

An Advanced Collection Report is a template in Microsoft Word .docx format. Unlike a Basic Collection Report, an Advanced Collection Report lets users configure its format, and specify which fields and information are included in the report.

Advanced Collection Reports are most useful for including proprietary assets (like a specific header or footer), specific data from specific fields within a collection, and other outside data that must be preserved between collection reports.

For more information about advanced reports, see Working with Advanced Collection Reports in the Cogynt Workstation User Guide.

B

Basic Report

A Basic (PDF) Collection Report is created with the drag-and-drop Cogynt Report Builder editor. It preserves the contents of a collection, making it easy to export collections and include them with your own reporting.

Unlike an Advanced Collection Report, a Basic Collection Report outputs the entire collection at once. This can be useful for quickly gathering and distributing all the information associated with the collection. For more granular control over collection information, an Advanced Collection Report is recommended.

For more information about basic reports, see Working with Basic Collection Reports in the Cogynt Workstation User Guide.

C

Collection

Collections can be thought of as case files or folders of information. Collections can also involve related collections, linking multiple incidents, events, and collection data. Collections facilitate sorting pertinent information and keeping it all in one place for easy access and convenient reference.

The Collections widget allows case analysts to gather relevant events into a single space so that analysts can tag one another, collaborate with comments, and attach files in support of case work related to collections.

For more information about collections and the Collections widget, see Case Analysis with Collections in the Cogynt Workstation User Guide.

Collection Attachment

Collections can hold any number of attachments. Teams can use collection attachments to store outside analysis, correspondence, evidence, reporting, testimony, bodycam footage, and more.

Any of the following file formats can be uploaded:

  • Image file types including: bmp, jpeg, gif, png, svg+xml, and webp.
  • Audio files including: mpeg and wav.
  • Video files including: avi, mov, mp4, webm.
  • MIME/application types including: application/json, application/pdf, application/ppt, application/pptx, application/xls, application/xlsx, application/xml.
  • MIME/content types including: text/csv, text/doc, text/docx, text/plain, text/rtf, text/xml.

Collection Details Viewer

The Object Details Viewer becomes the Collection Details Viewer once a collection is placed into it. The Collection Details Viewer has a Collections tab containing all collection contents, as well as a Custom Fields tab and an Items tab with any events attached to the collection.

This widget facilitates browsing and making use of the information in a collection.

For more information about the Object Details Viewer and Collection Details Viewer widgets, see Cogynt Workstation Widgets in the Cogynt Workstation User Guide.

Collection Tag

In Cogynt Workstation, collection tags help coordinate operations between team members for analysis and intuitive searching. These tags are assigned only to collections, one tag per collection.

Computation

A computation is a function that analyzes, evaluates, converts, or performs calculations using inputs in Cogynt Authoring. Computations apply comparison logic to input data, and include an output that validates or invalidates an event pattern.

Computations allow Cogynt users to manipulate and process data, making it possible to create sophisticated models.

For more information about computations, see Outcome Computations Authoring and Built-In Computation Functions in the Cogynt Authoring User Guide.

Constraint

A constraint links two elements in an event pattern in Cogynt Authoring using their compatible fields (or their constraint computation outputs) coupled with a comparison condition.

Tip: An event pattern called Repeat Transactions could have a constraint that compares the field containing the event's time against the previous 30 minutes. Any transactions that match that timeframe constraint could then be logged as part of the event pattern's outcome.

For more information about working with constraints, see Event Pattern Authoring in the Cogynt Authoring User Guide.

Custom Field

Custom fields are applied to collections, and help capture important details specific to team needs. The available custom fields include:

  • Checkbox: An item that analysts can click to toggle. For example, collections built for police reporting may want to include a checklist that includes several common types of crime within a district or region (DUI, domestic violence, breaking and entering, etc.).
  • Plain text: A field that lets analysts type quick, unformatted text.
  • Rich text: A field that allows analysts to record critical analysis using a What You See Is What You Get (WYSIWYG) editor. This format allows analysts to seamlessly move text captured within Workstation to third-party document editors such as Microsoft Word.
  • Select menu: Dropdown lists of customizable values that analysts can select one value from at a time. These are useful for defining the state or attribute of a collection, such as whether a superior has reviewed the case or whether escalation is recommended.

Custom fields allow greater control over what kind of information a collection can accommodate, and make it easier for analysts to contribute information.

D

Data Ingestion

Ingestion is the process by which Cogynt takes in data for processing and analysis.

In Cogynt Workstation, analysts can only work with data once that data has been ingested. Data ingestion creates a list of unique records, applies any event decorations used to make specific events from a stream stand out, and provides the status for that data stream.

Deployment

In Cogynt Authoring, a deployment translates the model into code for the system to process.

In addition to its deployment target specification, a deployment identifies what event patterns to deploy. Deployments also allow overriding any Flink configuration specified in its linked deployment target. Deployments run indefinitely until they are cancelled.

For more information about working with deployments, see Deploying Models in the Cogynt Authoring User Guide.

Deployment Target

In Cogynt Authoring, deployment targets define the data sources, Flink configuration, and logging configuration for deployments.

Deployment targets allow greater control over the parameters of deployments, making it easier to fine-tune them as needed.

For more information about working with deployment targets, see Deploying Models in the Cogynt Authoring User Guide.

Drilldown

In Cogynt Workstation, the Drilldown widget visualizes a hierarchical diagram of an event's provenance. This diagram represents the underlying events and patterns that were defined in Cogynt Authoring.

The Drilldown widget is useful for understanding the "why and how" of an event's creation and processing in Cogynt.

For more information about the Drilldown widget, see Drilldown Into Events in the Cogynt Workstation User Guide.

E

Element

An element represents an event pattern's input event type in Cogynt Authoring. Other characteristics can also be specified for elements, such as time-to-live. For example, an element called state capitals could include fields such as capital name, continent name, country code, etc.

For more information about working with elements, see Event Pattern Authoring in the Cogynt Authoring User Guide.

Event History

In Cogynt Workstation, the Event History widget displays historical versions of an event to examine how the event has changed over time.

For more information about the Event History widget, see Analyzing Event History in the Cogynt Workstation User Guide.

Event Pattern

An event pattern contains pattern detection logic in Cogynt Authoring. Users decide what kind of data it should receive, process, and produce for output. Event patterns are like pre-defined queries that are run on streaming data to identify events that meet user-defined constraints.

Event patterns consist of constraints, elements, and computations. They have a single outcome.

Tip: An event pattern called Repeat Transactions could include:

  • Constraints that look for multiple transactions from a single account.
  • An input element called Transactions.
  • An outcome called Repeat Transactions.

Once deployed, such an event pattern would check to see whether the specified constraints are met in the input data and use computations to transform elements to outcomes.

For more information about working with event patterns and their child artifacts, see System Authoring and Event Pattern Authoring in the Cogynt Authoring User Guide.

Event Stream

In Cogynt Workstation, the Event Stream widget displays recent events in chronological order, with the capability to search by event_title to specify particular events for further analysis in the Object Details Viewer. The Event Stream widget is fundamental to further analysis, as it allows Workstation users to drag and drop events into other widgets.

For more information about the Event Stream widget, see Viewing Event Data in the Cogynt Workstation User Guide.

Event Type

An event type represents the data processed by an event pattern in Cogynt Authoring. It uses a user data schema for its field list. An event type also contains other specifications for the data stream (for example, stream type, stream source, stream filter, and so on).

This is not to be confused with an event pattern. An event type defines the type of data to be processed, whereas an event pattern defines the logic to apply to that data.

For more information about working with event types, see Data Authoring in the Cogynt Authoring User Guide.

F

G

Global Events Stream

Events ingested into Workstation become a part of the Global Events Stream. This stream of data grows or shrinks as new data and information is processed or deleted in Authoring/HCEP. The stream of events may contain many different types of events, such as:

  • Events related to people, places, or things.
  • Events related to fluctuations in risk score.
  • Events containing other kinds of data, such as linkage events or events containing geodata.

For more information on using the global events stream, see Global Events Stream in the Cogynt Workstation User Guide.

H

HCEP

An acronym meaning "Hierarchical Complex Event Processing."

HCEP is a process by which large amounts of noisy or disorganized data can be organized into coherent patterns. It provides Cogynt's core operating principle.

I

Interactive Map Widget

In Cogynt Workstation, the Interactive Map widget plots events to an interactive map using geographic coordinates, either by manually selecting a set of events, or by creating rules that automatically stream events to a map. This widget is only applicable if output from Authoring and HCEP includes geographic data.

The Interactive Map Widget is useful for creating visual records of geographic data and making it easier to understand the spatial relationships between different pieces of geographic data.

For more information about the Interactive Map widget, see Using Interactive Maps in the Cogynt Workstation User Guide.

J

K

L

Lexicon

A lexicon represents a tree of terms and their synonyms that can be used to filter a data stream in Cogynt Authoring. A lexicon essentially defines the data types used as input or output for a model built in Cogynt Authoring.

Lexicons are useful for ensuring only the most relevant data from a stream is utilized.

For more information about working with lexicons, see Lexicon Authoring in the Cogynt Authoring User Guide.

Link Analysis

The Link Analysis widget allows analysts to visualize a network diagram of linkages between entity events. This widget is only applicable if output from Authoring and HCEP includes this information.

This widget is useful for creating intuitive visual models of the relationships between various events.

For more information about the Link Analysis widget, see Link Analysis in the Cogynt Workstation User Guide.

M

Manual Action

Manual actions allow analysts who are reviewing pattern results in Cogynt Workstation to manually trigger an action or event in running patterns, thus changing their results or altering their behavior.

Manual actions can serve a variety of purposes, including error correction and process overrides. The logic of manual actions is highly customizable and defined entirely by users. Manual actions can therefore be configured to meet a variety of use cases.

Model

A model is a representation that describes and predicts the behavior of a system. Cogynt uses models for establishing and organizing the logical operations that it will apply to a data stream. Models are built in Cogynt Authoring, and their findings are passed on to Cogynt Workstation for study and analysis.

Models provide a graphical, zero-code means of creating complex and sophisticated analytical patterns, making it easy for anybody to harness the power of streaming data and Hierarchical Complex Event Processing (HCEP).

Model Document

Cogynt Authoring can export entire projects in PDF form. The resulting file is sometimes called a "model document" or "model documentation."

This feature is useful for archiving and distributing Cogynt models in a physical medium.

For more information, see Producing Model Documentation in the Cogynt Authoring User Guide.

N

Notification

In Cogynt Workstation, a notification is a message indicating that something requires attention. These help ensure that users notice important occurrences and findings.

Notifications can be viewed using the Notifications widget. It displays notifications that occur or have been recently updated based on a predefined risk_score and a selected time period. The Notification Stream's default view is reverse chronological order, but it is possible to filter only notification updates within a specific time period. Use the Object Details Viewer widget to review the details for an event notification.

For more information about notifications, see Exploring Event Notifications in the Cogynt Workstation User Guide.

Notifications Explorer

The Notifications Explorer widget displays up to 100 event notifications that Workstation has generated. There are various filters available to locate a set of specific event notifications. Use the Object Details Viewer widget to review the details for an event notification.

For more information about the Notifications Explorer widget, see Exploring Event Notifications in the Cogynt Workstation User Guide.

Notification Tag

Notification tags can be useful for a notification's recipient, helping to quickly identify its subject. These tags are assigned only to event notifications, one tag per notification.

O

Object Details Viewer

The Object Details Viewer widget shows the details of an event, event notification, collection, or drilldown nodes. This widget is among the most common widgets in Workstation, and is required for viewing in-depth details for objects such as events. It is not uncommon to have multiple Object Details Viewer widgets on one view.

For more information about the Object Details Viewer widget, see Object Details Viewer in the Cogynt Workstation User Guide.

Outcome

An outcome represents an event pattern's output event type in Cogynt Authoring. An outcome results when a constraint in an event pattern is checked against the input data.

An outcome may also contain outcome computations, risk distribution, and windowing specifications.

It is common for the outcome name to match the event pattern name. For example, an event pattern called repeat transactions might have an outcome that is also called repeat transactions.

For more information about working with outcomes, see Event Pattern Authoring in the Cogynt Authoring User Guide.

P

Partition

A partition is a means of splitting incoming data and grouping Cogynt's analysis by one or several fields.

For example, a model that analyzes bank transactions could partition along a "bank account" field, allowing Cogynt to calculate the balance for individual bank accounts (instead of treating the entire data stream as a single account).

For more information about working with partitions, see Event Pattern Authoring in the Cogynt Authoring User Guide.

Project

A project contains all artifacts pertaining to a specific Authoring model.

Projects are independent of each other; thus, their artifacts cannot be shared. Use projects to iterate or create new models based on existing work, or to work in parallel.

For more information about working with projects, see Creating and Opening Projects in the Cogynt Authoring User Guide.

Q

R

Risk History

An item's risk history is its risk score over time. This helps analysts estimate whether the risk associated with that item is growing more urgent.

In Cogynt Workstation, the Risk History widget allows dragging and dropping events or event notifications into it to display a line/scatter graph that plots how risk has changed over time. Event patterns built in Cogynt Authoring must have associated risk weighting.

For more information about the Risk History widget, see Analyzing Event History in the Cogynt Workstation User Guide.

Risk Score

An item's risk score is a number indicating its likelihood of causing a certain outcome. Risk scores allow Cogynt to communicate its findings in a concise, understandable format.

For more information about risk scores, see Understanding Risk Types in the Cogynt Authoring User Guide.

S

Schema Discovery

Authoring's Schema Discovery utility creates user data schemas by providing pre-populated schemas based on data it finds in a Kafka cluster. This is a useful time-saving mechanism in many cases.

For more information about the Schema Discovery utility, see Data Authoring in the Cogynt Authoring User Guide.

System Notification

System notifications inform Workstation users of changes made to collections or event notifications.

The following triggers generate a system notification from event notifications, but can be toggled on or off:

  • Event notifications with an Assigned User. Users are initially also notified when they have been auto assigned to an event notification based on settings.
  • An event notification's priority changes.
  • An event notification's primary tags change, including any additional system tag changes.
  • An event notification's status changes (Dismissed or Archived).

System Tag

System tags offer a means of providing additional contextual details about collections, events, or notifications. System tags are versatile, assignable to both collections and notifications.

T

Tag

In Cogynt Authoring, a tag is a label for grouping or classifying artifacts. Tags can be given names and colors. For information about working with tags, see Managing Tags in the Cogynt Authoring User Guide.

In Cogynt Workstation, tags are labels for sorting and providing additional context for collections, notifications, or system events.

U

User Data Schema

A user data schema defines the basic data structure of a data object in Cogynt Authoring. The structure contains an ordered list of fields, each given a name and a data type.

User data schemas are useful for ensuring that Cogynt correctly maps and interprets incoming data.

For more information about working with user data schemas, see Data Authoring in the Cogynt Authoring User Guide.

V

W

Widget

In Cogynt Workstation, a widget is a building block that performs a variety of analytical functions essential to event and data analysis. Widgets are placed within workspaces and workspace templates that can be shared with other Workstation users.

For more information about Workstation widgets, see Cogynt Workstation Widgets in the Cogynt Workstation User Guide.

Window

A window is a finite segment of a data stream. Because windows have clear demarcations, they can be subjected to computations without taxing a system or sending it into an infinite loop.

For more information about windows in Cogynt, see Event Pattern Authoring in the Cogynt Authoring User Guide. For general information about windows, refer to Windows in the official Apache Flink documentation.

Windowing

"Windowing" is the process of splitting a stream of data into portions of finite size (windows). Windowing separates the data from an input stream into discrete sections, making it possible to process and calculate data over time.

For more information about windowing in Cogynt, see Event Pattern Authoring in the Cogynt Authoring User Guide. For general information about windowing, refer to Windows in the official Apache Flink documentation.

Workspace

Workspaces are highly customizable dashboards designed for data analysis. A user's workspace contains widgets for various workflows critical to data analysis.

Multiple workspaces can be utilized to filter distinct streams of system-generated events over time, or to shift the focus of analysis. For example, a user might have a workspace dedicated to Collections and another to event or risk history.

Workspace Template

Workspace templates duplicate existing workspaces with their existing widgets and certain settings intact. Authorized users can use these presets to create their own workspaces that retain the layout and widgets used in the template.

Workspace templates are useful for sharing or recreating helpful or effective workspace setups.

X

Y

Z