New to Quantexa Learn More about Quantexa

Tips & Tricks for Managing Large and Complex Networks

As an Investigator, you may have found that Entities and Networks are helpful for identifying potential risk in the investigation process, using connections across documents and Entities. However, seeing all the available data connected through transaction flows, trades, direct links, or indirect links can present its own challenges. Substantial amounts of data in a Network can sometimes be difficult to navigate.

Where do you start?
How do you find how many hops to expand and then stop?
What do you do with the information which is no longer useful to the investigation?

Below are some tips and tricks for the latest functionality that can help simplify viewing and using Networks to their full potential.

Pre-2.0

Manual Node Grouping and Node Pinning

Node grouping allows you to manually choose Nodes to group in an area, helping simplify the Network by reducing the number of Nodes visible.
- Clicking on the context panel will allow you to see what is in this grouping. You can name this group or add or remove other Nodes to it.
Node pinning allows you to ‘pin’ Nodes into place. When other information or expansions are continued, the Nodes pinned will stay in the same place.

An example of how to use this functionality would be:
a) Investigate one Network area, group it, and pin it when completed.
b) Then do the same with other areas of the Network.
c) The groups can be renamed, and additional documents can be added to explain why this was done.

2.0

Perspectives

Perspectives include Entity-to-Entity links, Auto Node Grouping, and Masking, which allow you to simplify Networks and expose only key information.
Entity-to-Entity links enable Entities to link directly with other Entities by grouping the documents around those Entities, reducing the complexity of the Networks to view.
You can work with developers to define rules to create groups automatically for a given perspective.
An example of this would be switching to Entity-to-Entity view (as configured), which will only show Entities (and any specific documents, such as transactions) in the Network with their connections. The groups can then be viewed by the same method as Manual Node Grouping: by clicking on that group and viewing the detail in the Context panel.

Assess is the new Scoring framework introduced in 2.0. Its addition includes further upgrades post 2.0, as noted below.

2.1

Scoring updates

This is a big one: You can now include Scoring parameters by category and Network Pruning.
This helps to reduce the ‘noise’ by only showing information about the Score compared to the previous view, which showed everything within a specified number of hops from the focal Entity or document.
This will also allow you to highlight the associated Nodes in the Network when you click on the Score in the Scoring panel.

Please see the example below:

2.2

Timeline

The new timeline has various ‘swim lanes’ allowing you to pick and choose which types of documents you wish to observe in the timeline.
The timeline now supports:
- Differentiating between events with a single occurrence and a series of events related to the field.
- A swim lane per data source in the timeline which allows you to spot patterns easily.
- With the new ability to zoom into a selected time range on the timeline, whether quarters, months, or days, investigators can now drill into events that occur in quick succession or spot patterns over a time range.

Please see the example below:

Read the full release notes for 2.2.

2.3

Path Ranking

Paths are easier to identify in the Network view, and if Path Ranking is used with Network Pruning, you receive a more focused version of the Network, with only the most important paths showing.

Please see the example below:

Read the full release notes for 2.3.

2.4

Data Viewer Score filtering update

This update allows you to highlight specific Nodes in the Network related to the Score and provides the option of altering your data source query so it is not limited to the Network shown in the UI.
This is useful for Investigations where the Network is large and has been pruned for the UI.
The Data Viewer can also be configured to automatically show you the associated transactions/data (in the Data Viewer) associated with that Score.

Please see the examples below:

Read the full release notes for 2.4.

2.5

Scoring updates

This pertains to monitoring use cases where tasks are generated, such as multiple Scorecards at the same Score level.

Scoring update #1: Multiple Scorecards at the Same Score Level

Using Scoring and having up to 5 Scorecards allows a targeted approach to a large Network from an account or Entity level. Depending on how your Scoring is set up and how Investigations are conducted, you can start at the highest (or lowest!) Scores to look for true hits and potential expansions to other noticeable risks or to
Using Scoring and having up to 5 Scorecards allows a targeted approach to a large Network from an account or Entity level. Depending on how your Scoring is set up and how Investigations are conducted, you can start at the highest (or lowest!) Scores, to look for true hits and potential expansions to other noticeable risks, or to discount, noting a false positive or similar.

This feeds nicely into the next Scoring update: Entity-Based Alerting.

Scoring update #2: Entity-Based Alerting

Entity-Based Alerting has been released as an Early Access Program (EAP). This feature is an extension to Document-Based Alerting which allows the focal subject of Alerting to be an Entity.

Starting from an Entity, as the focal subject, the Investigator can then analyse connections and potential risk factors and expand outwards, as required.

Visualisation and Exploration

A few changes have been made, so you are starting in a Network (or exploration) that has already been configured to your liking. You can now configure Investigation columns to collapse by default when an Investigation is first opened, enabling you to prioritize space for more important panels.

Similarly, you can now collapse and expand aggregations in Explorer, enabling a more streamlined viewing experience in the UI.

Here is an example of the Exploration configuration:

Now let’s say you are using the Map functionality – Geospacial Search – in Explorer to try and narrow down what you are looking for before moving into a Network Graph for further Investigation. If this is the case, the update to Geospacial will be beneficial.

New configuration options have been added to enable greater control over how Geospatial Search results are visualized within Explorer.
You can now configure the colour, shape, and opacity of the map markers that appear in the Geospatial Search points view.
You can also configure tooltips for map markers, which show one or more value from the related Document.

This allows you to narrow down what you are looking for in a Query format within Exploration and get the output pushed into the Network UI for further investigation.

Node Grouping updates

Node Groups and Node selections that contain a single Entity have improved, which makes Groups behave more like Entities.

As noted in the pre-2.0 above, Node grouping allows you to manually choose Nodes to group in an area, helping to simplify the Network by reducing the amount of Nodes showing in the Network. This is useful for large Networks where you want to keep the information within the Network, but you don’t necessarily need to see all the details.

The Investigation Record Viewer panel now displays the Records for an Entity, even if Documents are also selected.
Users can rebuild from the right-click menu when only a single Entity is selected, even if multiple Documents are selected.
If a single Entity and multiple Documents are selected, the right-click menu displays all available expansions for the Node group and entity.

2.6

Multi-Entity Explorer

Explorer now supports a new schema type, Multi-Entity Explorer. This feature enables you to define a list of Entity types to include in an Explorer schema instead of one per schema, similar to the existing Multi-Document Explorer.

The Exploration UI provides feature parity for Multi-Entity Explorers compared to the existing Explorer schema types.

Though not directly something that helps with the Network UI, it allows you to narrow down what you are looking for, in the Explorer UI, across various Entities, and when looking for specific risk which you can then push through to the Network UI for further investigation.

Search 2

Along the same line of the starting of an Investigation, we have updated Search to Search 2 which includes enabling users to view a list of resolved Entities within the Search 2 UI which are resolved from Document Search results.

This allows you to start from a more defined area before jumping into an Investigation and helps to add additional data into the network for further investigation.

Conclusion

All of these areas of functionality can be used to help increase the efficiency of investigations. We also recommend setting up shadow sessions with your friendly Customer Success Manager who can show you in more detail all of the above to improve the effectiveness of traversing your Network graphs even further.

Questions, comments, or feedback on making large Networks more manageable? Be sure to add them below 😊

Don’t forget, if you have suggestions or ideas you would like to see implemented, you can submit them via our Ideas Portal.