A national intelligence agency had the remit to monitor for threats against leadership, VIPs and visiting dignitaries, and to monitor for terrorist and radical threats online. The process was labor-intensive, error-prone and dependent on the individual efforts of analysts working through a sea of data with various ad hoc tools and no structured process. This made onboarding new analysts a very difficult and unending process.
The Siren OSINT solution was implemented and deployed in 2 months, integrating with a commercial OSINT data feed provider.
The data feeds initially used were Twitter, Facebook, Instagram, YouTube, Reddit, Telegram, Discord and the dark web.
The analysts were able to use search, dashboards, graph analytics and alerts to track the activity of people of interest. The analysts also get huge use out of algorithms such as common communicator and shortest path. The system also supports report creation for intelligence dissemination and keeps a detailed audit of the activity of all analysts. Analysts are able to maintain their own keywords and accounts they wish to monitor. The use of NLP on the incoming unstructured text allows for identification of people, places and threat terms.
The system allowed the agency to monitor a large number of threats simultaneously through very high levels of automation. The creation of intelligence reports is now done 3x faster than with the previous manual process. The onboarding of staff is now 2x faster than under the previous manual process. The automated alerts, which are regularly tweaked by analysts to increase fidelity, give far greater confidence to leadership that real threat activity will be spotted and acted on.