Challenge
Intelligence and law enforcement analysts and investigators need to be able to quickly draw correlations between various sources of information in order to effectively perform their basic organizational responsibilities. With so much information to sift through, manual correlation processes are time-consuming, and details are often overlooked or missed. Persistent awareness of relevant or related changes in, and correlations across, watch lists, open source data (e.g., news reports), incident reports, case files, target financial transactions, walk-in reports, etc. is critical to operational success and is impossible to achieve without automation.
Solution
The solution required comprehensive monitoring to detect key changes in contextually relevant investigative information, derived from a multitude of sources as new data became available. The solution also needed to disseminate instant intelligence regarding the applicability (e.g. cross references against other sources) and impact of the new data, and the actions available. For example, if new information regarding a person or phone number of interest is updated in a case file out of Los Angeles, and that person is also referenced in a case in Boston, the Boston-based case agent should also receive an alert. Through an easy-to-use web-based interface, Agent Logic’s enterprise software, RulePoint®, allows users to capture and automate analysis and investigative logic. RulePoint® receives data from various systems and continuously applies analysis logic to the data. When actionable information is detected by applying the investigator’s logic, RulePoint® generates an alert and sends it to the appropriate person, team or system for action.
Additionally, based on multiple events occurring over time associated with particular entities (people, places, things), RulePoint® automatically adds those entities to internal watch lists, so that occurrences in future events will generate alerts to those who need to know. For example, if a particular unknown person is mentioned in internal reports, case files, or link charts more than three times within a week in association with a known person of interest, that unknown person can automatically be added to a watch list that is referenced by other user rules that handle alerting. Thus, the next time the unknown person is mentioned, because he/she is now on a watch list, appropriate notifications will be generated. Most importantly, this automatic watch list updating capability allows RulePoint® to become smarter as it monitors across multiple sources. Finally, as part of alerts, newly detected entities can be cross referenced against external sources (e.g. search engines, databases), so that alert data includes not only information on entity activity but also background data.
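The watch list example above can be expressed as a sliding-window correlation rule. The following is an added illustration in Python, not RulePoint® code or its rule language; the class, event layout, source names and person names are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)   # "within a week"
THRESHOLD = 3                # promote on MORE than three co-mentions

class Correlator:  # hypothetical name, not a RulePoint API
    def __init__(self, persons_of_interest):
        self.poi = set(persons_of_interest)
        self.watchlist = set()
        self.co_mentions = defaultdict(deque)  # unknown name -> recent timestamps

    def process(self, ts, source, names):
        """Handle one event (assumed to arrive in time order); return alerts."""
        names = set(names)
        # Alerting rule: anything already on the watch list raises a hit.
        alerts = [("watchlist_hit", n, source) for n in sorted(names & self.watchlist)]
        if names & self.poi:
            # Promotion rule: count unknowns seen alongside a person of interest.
            for n in sorted(names - self.poi - self.watchlist):
                seen = self.co_mentions[n]
                seen.append(ts)
                while ts - seen[0] >= WINDOW:   # expire mentions a week old or more
                    seen.popleft()
                if len(seen) > THRESHOLD:
                    self.watchlist.add(n)
                    del self.co_mentions[n]
                    alerts.append(("watchlist_add", n, source))
        return alerts

def run_demo():
    day = lambda d: datetime(2024, 1, d)
    # Constructed sample events: (timestamp, source, names mentioned)
    events = [
        (day(1), "case_file", ["Person A", "Person X", "Person Y"]),
        (day(2), "incident_report", ["Person A", "Person X"]),
        (day(3), "link_chart", ["Person A", "Person X"]),
        (day(4), "case_file", ["Person A", "Person X"]),   # 4th in a week -> add X
        (day(6), "case_file", ["Person A", "Person Y"]),
        (day(11), "link_chart", ["Person A", "Person Y"]),
        (day(15), "case_file", ["Person A", "Person Y"]),  # Y: 4 total, never 4 in a week
        (day(20), "walk_in_report", ["Person X"]),         # X now on list -> hit
    ]
    c = Correlator(persons_of_interest=["Person A"])
    alerts = [a for e in events for a in c.process(*e)]
    return alerts, c.watchlist

if __name__ == "__main__":
    print(run_demo())
```

Person Y is mentioned four times alongside the person of interest but never more than three times inside any one week, so only Person X is promoted and later alerted on.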
Results
Time-consuming analysis and investigation is now performed automatically. Rules created by domain experts can be shared and subscribed to by authorized departmental personnel, resulting in improved situational awareness through collaboration. Instant investigative intelligence is delivered. New and changing information critical to analysts and agents is no longer missed or delivered too late. Analysts and agents who were spending hours per day performing manual queries and cross-correlations now have the right contextual information delivered in the format that they prefer. In addition to being able to detect the changing information that would be tedious for a person to handle manually, the solution detects events that would never be noticed by a person without RulePoint®. Ultimately, it is the events and alerts that would have otherwise gone undiscovered that make this solution invaluable to its users.
