GAT has now integrated parts of the Business Intelligence modules directly into some of its key audit areas. This means important audit results can be visualized almost instantly, highlighting size, time and direction of the relationships being audited.
We start with an example from email. In our case, we will look for emails sent to ‘Support’
We are keen to know who is generating all the workload for our support address. We look for an exact match on an email sent directly to the address we are interested in.
We then click on ‘Domain Connections’ to see the results in tabular form for all the domains that sent an email to that address.
These tables can be very big and while all the columns are sortable what you need to do is have the ability to visualize all the information at once. To do this click on the link ‘Show communications graph’ and this will take you through to the business intelligence ‘Domain Connections’ module.
By default for the email domain connections chart, the view period for the table data is set to 1 week. You can extend that to cover any period the table data covers. Your domain will always be automatically centred in the time frame you set. Every other domain will be placed based on the average age of their communications in that time frame. In that way, you can quickly see new (on the right) and old (on the left) relationships.
The larger the node the more emails to support from that domain.
Red lines indicate other domains involved in the email communications, often indicating whether third parties or sister companies are involved.
The same technology can be used in drive – again it is automatically applied to any search you do. In this example, we want to look at all the documents used by a particular user to see which domains the user is sharing documents out to and in from.
To do this we go to Drive audit and find all the documents the individual is a ‘User’ of.
Once the result is returned we click on ‘Domain Connections’.
Again a table is produced showing all the domains involved in sharing files to that individual.
From here we can visualize the data in a domain relationships chart by clicking on ‘Show communication graph’ which will automatically take us over to the Business Intelligence visualization module.
Here the default time window is set to one year. Again it can be adjusted.
Other refinements such as eliminating nodes with more or less than a certain number of shares can also be applied to the graph.
Each graph is clickable by node to show the specific details of file sharing that underpins the connection being graphed.
Specific Use Case
Specific use cases for these features include decommissioning users, analysing relationships, understanding the state of a business relationship with a specific company, identifying contacts with a specific company, assessing workload and many other important Business Intelligence tasks.