13 Security Shield Call Traffic Analytics
Oracle® Communications Security Shield Cloud Service (Security Shield) provides analytics that can help you investigate your inbound and outbound call traffic, as well as anomalies, suspicious behavior, and malicious traffic. You can access analytics through the Security Shield Dashboard.
Call Traffic Analytics Default Display
When you click the Analytic Reports button on the Oracle® Communications Security Shield Cloud Service (Security Shield) Dashboard, Security Shield opens the directory containing all analytics reports, called Projects. When you click the default Project, Security Shield displays the default set of canvases and opens to the Stats by Carrier/Country canvas.
Note:
Oracle periodically updates the default Project and versions its name. For example, OCSS-2.0 is newer than OCSS.The following screen capture shows the Stats by Carrier/Country canvas as an example. Like all canvases, the display includes a combination of elements such as data attributes (located above the Call Classifications Reputation Score visualization), doughnut graphs, bar graphs, tables, and maps. The panel at the far left contains the attributes, elements, and formats privileged users can apply to the canvas. The panel between the far left panel and the canvas shows the attributes, elements, and formats used on the canvas in focus. Click the tabs at the bottom of the screen to see the other default canvases.
Note:
Oracle recommends that you use filters to limit the amount of data that is loaded for maximum efficiency. If you set the filters to the full 30 days, with all other filters disabled, loading times may be longer because the loading time is a function of the data size.Note:
You can create customized versions of the default Projects with any of the attributes and formats listed in the left pane. Be sure to customize only a duplicate of the default Project; never the original.Tabs | Descriptions |
---|---|
Stats by Carrier/Country |
Filters calls based on Date, Time, Calls Score Classification, and the Enforcement action Security Shield applied. You can also filter on the Carrier and Country of origin. |
Fraud Type by Carrier/Country |
Filters calls based on Date, Time, Fraud Type, Score severity, and the Enforcement action Security Shield applied. You can also filter on the Carrier and Country of origin. |
Country Statistics and Fraud Summary |
Filters calls based on Country, Dialed Number, Date, Time, and Fraud Type. |
Carrier Statistics and Fraud Summary |
Filters on Inbound Carrier, Dialed Number, Date, Time, and Fraud type. |
Short Calls |
Captures calls with durations under 10 seconds. Note: Although the duration does not trigger an enforcement action, you may find the data useful for identifying Account Takeover attempts, RoboCalls, and other Fraud attempts. |
Neighbor Spoofing |
Captures repeated calls from the same area code and prefix. Abnormal volumes of such traffic may indicate Neighbor Spoofing or an attempt to illicit a response to a call by spoofing a local phone number. Security Shield detects such patterns and dynamically adjusts the call score. You can configure Security Shield to block and redirect such calls. |
Inbound Number Analysis |
Filters calls based on Date, Time, Type of Fraud, Frequency of each Calling Number, Frequency of each Called Number, Carrier, and Country of origin. |
Total Calls Table |
Displays raw data related to every transaction processed through Security Shield. You can filter and sort the data by any data point in the table. You can export the data as a .CSV file for saving of further examination. |
Call Stats |
Displays a high-level, but detailed view of calls during the selected time period. The default view shows aggregate call totals and highlights inbound versus outbound, Session Border Controller location and score category distribution. Also shows the top ten FROM and To numbers and trend analysis of Call Enforcement, Call Rate, and Call Reputation Score. |
Note:
Oracle recommends that you do not alter the default canvas. Instead, Duplicate the Default Analytics Project and alter the duplicate. After duplicating, be sure to Move a Security Shield Analytics Project Out of the OCSS Folder.Change the Default Analytics Reports Display for Editing
The Oracle Analytics landing page defaults to the view-only mode, which does not allow editing. The OCSSAnalyticsEditor can edit the Call Statistics and the Call History reports, but must change the mode before editing is possible.
The OCSSAnalyticsEditor must change the report mode (displayed in the URL) from the default "presentation" mode to the editing mode, called "full" mode. In this way, the OCSSAnalyticsEditor can edit the Call Statistics report and the Call History report, which are linked to the respective tiles on the Security Shield Dashboard.
- Click Analytics Reports on the Dashboard.
- On the Oracle Analytics page, locate the word presentation in the URL.
- Change presentation to full.
Call Traffic Analytics Display Operations
All Oracle® Communications Security Shield Cloud Service (Security Shield) analytics canvases operate with the same behaviors and controls.
- When you click a particular part of the graphic in a visualization, the other visualizations on the canvas automatically adjust to filter on the same data point. For example, on the Stats by Carrier/Country canvas, suppose you click Medium Risk on the Call Classification by Reputation Score visualization. The data on all the other visualizations and tables changes to reflect data about only the Medium Risk calls.
- When you click an attribute at the top of the canvas, Security Shield displays a dialog for customizing the attribute. The parameters you set apply to all visualizations on the canvas.
- When you want to clear a filter in a visualization, click outside the visualization.
- When you want to clear all filters, move your cursor into the white space above the canvas. Security Shield displays a second hamburger menu. Click the menu and click either Clear All Selections or Remove All Filters.
- When you click a tab at the bottom of the canvas, Security Shield displays the corresponding set of visualizations.
- When no country name is identified for any call in the Call Detail visualization, the Caller Location map is inactive. If at least one call in the Call Detail visualization identifies a country, the map is active.
- When you alter filters or set a filter in a graphic the re-rendering may take time. The time is proportional to the amount of the data needed for the canvas. When a re-rendering takes too long, you may want to click Stop in navigation bar (to the right) and click again to re-initiate the rendering.
- When different calls contain numbers for which the first 30 digits are identical, OCSS Analytics considers them as the same number and not as unique numbers.
WARNING:
Regarding the following operations, Oracle strongly recommends that you never make changes to the default analytics Project. Always Duplicate the Default Analytics Project and move it out of the OCSS folder before making any changes.- When you click the
icon to the right of the last tab in the bottom row, Security Shield displays a blank canvas for creating one of your own design. If you do not see the Add icon, you are not assigned to the required OCSSAnalyticsEditor group. See "User Groups and Privileges" in the Security Shield Installation and Maintenance Guide.
- When you right-click the tabs at the bottom of the canvas, Security Shield displays controls for working with the canvas, such as Rename, Delete Canvas, Copy Canvas, Duplicate, Clear Canvas, and Canvas Properties.
- When you add or change data attributes and calculations on an existing canvas, Security Shield updates the visualizations and tables on the canvas. Oracle recommends that you use caution when adding or changing data attributes or calculations because the result may not be as intended due to the new combination of elements. You may need to fine-tune your selections to get the results you want, especially when you apply trellis columns and trellis rows to a visualization. In addition, the changes may result in longer load times for the canvas to display.
- When you try to add a format to a canvas that the data type does not support, the canvas displays "unavailable". For example, suppose you try to add Trellis Rows to a canvas for Call Classification by Reputation Score. The canvas displays "unavailable" in the gray column to the left of the canvas.
Policy Results Statistics Attributes
The following table lists and describes the attributes Oracle® Communications Security Shield Cloud Service (Security Shield) displays for creating custom Policy Results Statistics reports.
Table 13-1 Attributes for Use by Customers
Attributes | Description |
---|---|
Note: On-screen, an icon precedes each Policy Results Statistics attribute to identify the data type. |
|
ACL Action | Indicates the Access Control List (ACL) action Security Shield applied. |
Aggregated Time | Indicates the time at which the record was written to the database. |
Call End Time | The ending time of a call.
The Call End
time might not display when:
|
Call Frequency Limit Exceeded | Indicates that the number of successful calls made to a destination phone number exceeds the frequency threshold limit. |
Call Insights | Provides the following information:
|
Call Reputation Grade |
The Call Reputation Grade based on the Reputation Score.
The Reputation grades include:
Note: When the call score is -1, unknown indicates the call is blocked by the customer's blocklist and Security Shield did not perform the reputation score calculation. |
Call Stage | The stage of the call associated with the call record. For example: initiate, mid-call (where Security Shield provides an updated policy to the Session Border Controller) , terminate, and update (where the Session Border Controller sends additional information to Security Shield). |
Call Start Time | The time at which the call started.
Note: Call Start Time always displays a value. |
Call Terminate State Trigger | Describes the trigger that lead the call to the determinant stage. |
Call Termination Initiator | Describes the actor that terminated the call. For example, the caller, callee, Session Border Controller, Security Shield, or other. |
Call Termination Reason | Describes the reason for call termination. For example: Canceled, Bye, noAnswer, errorResponse, or other. |
Call Type | The call type in policy context. For example,International, Suspect, Toll Free, Premium Rate Service, and National. |
Called Number | The called number from the TO header of the SIP call. |
Called Number Score | The score assigned by Security Shield to the called number. |
Calling Number | The calling number on record from the FROM header of the SIP call. |
Calling Number Score | The score assigned by Security Shield to the calling number. |
Carrier Name | The name of the telecom carrier of record. When Security Shield records do not contain carrier information for the calling number field, Security Shield leaves the field empty. |
Country Name | The location of the Calling Number for inbound Calls. |
Enforcement Action | Comments about why the system applied a particular
enforcement action. Comments include the following:
|
Enforcement Action Trigger | The trigger causing Security Shield to apply the final outcome.
Triggers
include:
|
Final Outcome | The enforcement action Security Shield applied, as determined by the Policy Decision Engine
based on policy rules.
Call actions include:
|
Ingress | A call direction parameter where "true" means the call is inbound and "false" means the call is outbound. |
Lookup Number | The phone number sent from the Session Border Controller
to the Policy Decision Engine for enforcement determination.
|
PAI Display Name | The display name from the P-Asserted Identity header containing a name for the identified user. |
PAI Host | The host domain portion of the P-Asserted Identity header. |
PAI | The user portion of the P-Asserted-Identity header. |
PDE Call End Time | The time at which the Policy Decision Engine initiates termination of a dangling call. |
PDE Server ID | The unique ID of the Policy Decision Engine server. Used by Oracle personnel. |
Phone Type | Indicates the type of device used to make the call. Devices include Fixed Line, Pager, Restricted or Premium, Toll Free, Voice Mail, and VoIP. Other results include Other, Null, and Unavailable. |
Policies Applied Policy | The trigger causing Security Shield to apply the final outcome determined by the Policy
Decision Engine.
Triggers include:
|
Policies Decision | Indicates whether or not the Fraud Detect Rule policy was applied. Values: True | False. |
Policy Response Time | The number of milliseconds added to the call to send the policy request to the Policy Decision Engine, receive the policy response, and act on the response. |
Policy Version | The version of the applied policy. |
Realm | The realm for incoming and outgoing calls. |
Reputation Call Score Count | The distribution for the configured time period for the reputation score by Call Stage, Call Start Time, Calling Number, Carrier Name, Country Name, Enforcement Action, and Reputation Call Score. |
Reputation Call Score | The reputation score for the call. |
SBC Receive Time | The time at which the Policy Decision Engine receives the request from the Session Border Controller. |
SBC Response Time | The time at which the Policy Decision Engine sends the response to the Session Border Controller. |
SBC Server ID | The unique ID of the Session Border Controller server. |
Service Provider | The name of the service provider. |
Session ID | An encoded Base64 combination of the Call Timestamp, SBC ID, SIP Thread ID, Call ID, From tag, and Realm. |
Stats ID Count | Indicates the number calls based on StatsId. |
Table 13-2 Attributes Reserved for Oracle Personnel
Attribute | Descriptions |
---|---|
Aggregated Time | The time at which the record was written into the database. Used by the Security Shield Team for tracking and debugging. |
GBUA Processed Timestamp | Used by the Security Shield team for tracking and debugging purposes. |
Reputation Call Score Count | The count of the reputation score for a call. |
Stats ID Count | The call count number based on Stats ID. |
Policy Results Threats Attributes
The following table lists and describes the attributes Oracle® Communications Security Shield Cloud Service (Security Shield) displays for creating custom Policy Threats reports.
Table 13-3 Attributes for Use by Customers
Attributes | Description |
---|---|
Note: On-screen, an icon precedes each Policy Results Threat attribute to identify the data type. |
|
Action Taken | The action Security Shield performed after detecting the threat. |
Aggregated Time | Indicates the time at which the record was written to the database. |
Alert Reason | The text of the alert for a specific threat. Alerts
include the following:
|
Applied Policy | The name of the applied policy. For example, Fraud Detect Rule. |
Call End Time | The ending time of a call.
The Call End
time might not display when:
|
Call Insights | Provides the following information:
|
Call Frequency Limit Exceeded | Indicates that the number of successful calls made to a destination phone number exceeds the frequency threshold limit. |
Call Reputation Grade |
The Call Reputation Grade based on the Reputation Score.
The Reputation grades include:
Note: When the call score is -1, unknown indicates the call is blocked by the customer's blocklist and Security Shield did not perform the reputation score calculation. |
Call Score | The reputation score for the call. |
Call Stage | The stage of the call associated with the call record. For example: initiate, mid-call, terminate, and update. |
Call Start Time | The time at which the call started.
Note: Call Start Time always displays a value. |
Call Terminate State Trigger | Describes the trigger that lead the call to the determinant stage. |
Call Termination Initiator | Describes the actor that terminated the call. For example, the caller, callee, Session Border Controller, Security Shield, or other. |
Call Termination Reason | Describes the reason for call termination. For example: Canceled, Bye, noAnswer, errorResponse, or other. |
Call Type | The call type in policy context. For example,International, Suspect, Toll Free, Premium Rate Service, and National. |
Called Number | The called number from the TO header of the SIP call. |
Called Number Score | The score assigned by Security Shield to the called number. |
Calling Number | The calling number on record from the FROM header of the SIP call. |
Calling Number Score | The score assigned by Security Shield to the called number. |
Carrier Name | The name of the telecom carrier of record. If no data is provided, Security Shield cannot know or access this information. When Security Shield records contain no carrier for this calling number, the field displays empty. |
Country Name | The location of the Calling Number for inbound Calls. |
Decision | The decision for whether or not the policy was applied.
Values: True | False.
Note: This field must be Boolean and cannot be null or missing. |
Enforcement Action Comment | Comments about why Security Shield performed the particular action. Comments include the
following:
|
Enforcement Action Trigger | The trigger causing Security Shield to apply the final outcome.
Triggers
include:
|
Final Outcome | The enforcement action Security Shield applied, as determined by the Policy Decision Engine
based on policy rules.
Call actions include:
|
Ingress | A call direction parameter. Values: True-indicates the call is inbound. False-indicates the call is outbound. |
Lookup Number | The phone number sent from the Session Border Controller
to the Policy Decision Engine for enforcement determination.
|
PDE Call End Time | The time at which the Policy Decision Engine initiates termination of a dangling call. |
PDE Server ID | The unique ID of the Policy Decision Engine server. Used by Oracle personnel. |
Policy Response Time | The number of milliseconds added to the call to send the policy request to the Policy Decision Engine, receive the policy response, and act on the response. |
Policy Version | The version of the applied policy. |
Realm | The realm for incoming and outgoing calls. |
SBC Receive Time | The time at which the Policy Decision Engine receives the request from the Session Border Controller. |
SBC Receive Time | The time at which the Policy Decision Engine receives the request from the Session Border Controller. |
SBC Response Time | The time at which the Policy Decision Engine sends the response to the Session Border Controller. |
SBC Server ID | The unique ID of the Session Border Controller server. |
Service Provider | Name of the Service Provider |
Threat Count | The total number of calls received based on the Threat ID. |
Threat ID | The unique ID of the particular threat associated with a call. |
Threat Timestamp | The timestamp showing when Security Shielddetected the threat. |
Threat Vector Type | The name of the threat vector.
Threat
vectors include:
|
Table 13-4 Attributes Reserved for Oracle Personnel
Attribute | Description |
---|---|
Aggregated Time | The time at which the record was written to the database. Used by Oracle employees for tracking and debugging. |
GBUA Processed Timestamp | Used by the Security Shield team for tracking and debugging purposes. |
PDE Server ID | The unique ID of the Policy Decision Engine server. |
Policy Response Time | The number of milliseconds added to the call to send the policy request to the Policy Decision Engine, receive the policy response, and act on the response. |
Calculation Attributes for Custom Call Reports
To refine the data displayed in an analytics canvas, you can apply the calculation attributes listed in the attributes pane. In the attributes pane, click My Calculations to see the list of parameters. The following topics lists and describe the calculation parameters.
Calculation Attributes for Use in Policy Results Stats Reports
Calculation Attributes for Use in Policy Results Threats Reports
Note:
For more information about creating your own calculations, see the Oracle Analytics Server and Oracle Business Intelligence Enterprise Edition at Oracle.com.Calculation Attributes for Use in Policy Results Stats Reports
You can use the following Calculation Attributes in your Policy Results Stats reports.
Table 13-5 Policy Stats Reports Attributes
Attributes | Descriptions |
---|---|
Call Duration (HH:MM:SS) | Calculates the call duration between the Call Start Time and the Call End Time displayed in HH:MM:SS format. This field can be empty when there is no Call End Time received for a particular call. |
Call Reputation Grade Stats Classification | Groups the call classifications from the reputation score into Critical Risk, Severe Risk, Significant Risk, High Risk, Suspicious, Acceptable, and Good for the visualization. |
Latest Call Reputation Grade Stats Classification | The level of risk you want reported. Low, Medium, or High. |
Max Duration | The maximum call duration of all the calls made from a particular calling number. |
Reputation Score Average | Average of all the reputation scores received at that instant. |
States/Provinces | The state or province you want reported. |
Stats-Agent DID | The calling number from the FROM header in the SIP call. |
Stats-Call Grade-Classification | Groups the call classifications based on the Reputation Call Score into the categories below. |
Stats-Call Start Time-MM-DD-YYYY | The day, time, and year range for reporting. |
Stats-Enforcement Action | Indicates why a particular action is applied. |
Stats-Enforcement Action-Classification | Groups the call classifications based on the Enforcement Action Trigger into the categories below. |
Stats-Final Outcome | The action taken against the call. |
Stats-Location Name | The country source of the Calling Number for inbound Calls. |
Stats-Number Group | Groups all the calls coming from a particular number. |
Stats-Top15 Carriers | The top 15 carriers passing calls to your telecommunications network for the period. |
Top 10 Called Number | Top 10 unique called numbers by based on number of occurrences in the TO header of the SIP call. |
Top 10 Calling Number | Top 10 unique calling numbers based on number of occurrences in FROM header of the SIP call. |
Total Call Count |
Note:
Do not use the parameters in the preceding list in Policy Results Threats reports. See Calculation Attributes for Use in Policy Results Threats Reports for the parameters you can use.Calculation Attributes for Use in Policy Results Threats Reports
You can use the following Calculation Attributes in your Policy Results Threats Reports.
Table 13-6 Attributes for Policy Results Threats Reports
Attributes | Description |
---|---|
Call Reputation Grade Threats Classification | Groups the call classifications from the reputation score for threats into Critical Risk, Severe Risk, Significant Risk, High Risk, Suspicious, Acceptable, and Good visualization. |
States/Provinces | The state or province you want reported. |
Threats-Call Count | Total number of threats identified by Security Shield. |
Threats-Enforcement Action-Comment | The comment about why a particular threat is detected. |
Threats-Location Name | The source country of the Calling Number for which the threat is detected. |
Threats-Number Group | Groups all the threats coming from a particular number. |
Threats-Source Top 15 by Carrier | The top 15 carriers passing threats to your telecommunications network. |
Total Threat Count | Indicates the number of unique threat-call records identified by Security Shield. |
Threats-Threat Vector Proper | The type of threat detected . |
Note:
Do not use the parameters in the preceding list in Policy Results Stats reports. See Calculation Attributes for Use in Policy Results Stats Reports for the parameters you can use.Create Customized Analytics Projects
As a privileged user, you can create custom Oracle® Communications Security Shield Cloud Service (Security Shield) analytics projects to see the type of data you want in the format you want. You can create the projects with the attributes, calculations, data types, and formats that you choose.
- Confirm that you are assigned to the OCSSAnalyticsEditor group. See "User Groups and Privileges" in the Security Shield Installation and Maintenance Guide.
- Create a Folder for Storing Analytics Projects other than in the OCSS folder.
- Duplicate the Default Analytics Project to start a new project. Oracle recommends that you always use the most recent Security Shield default Project. For example, OCSS 2.0 is newer than OCSS.
- Move a Security Shield Analytics Project Out of the OCSS Folder for safe keeping.
- See Policy Results Statistics Attributes, Policy Results Threats Attributes, and Calculation Attributes for Custom Call Reports for descriptions of the data types available for the analytics reports you want to create.
Note:
Do not combine attributes from Policy Result Stats and Policy Result Threats on the canvas. For example, do not put an attribute from Policy Results Stats into a Policy Results Threats visualization. Use only the attributes listed under the report type in use. The same rule applies when adding custom calculations.- For important information about saving custom analytics reports, see Save Analytics Projects.
Security Shield Analytics Export
Sometimes you might want to save or further examine information from the Oracle® Communications Security Shield Cloud Service (Security Shield) analytics canvas or share it with other trusted parties. You might also want to capture the same types of information on another of your other Security Shield tenancies. To accomplish those goals, you can export analytics data, graphs, and canvases to save and use as needed.
- Data from a single report displayed on the canvas
- The whole canvas
- A graphical image of a single report or the whole canvas
- When you want to export data, choose the .csv format. Security Shield delivers the data in an Excel
spreadsheet, which you can view and save immediately.
Note:
Security Shield can export approximately one million entries in a spreadsheet. - When you want to export a canvas to save for backup or possibly a roll back, choose the Package .dva format. Security Shield delivers the canvas in a .dva file that you can save and upload when needed.
- When you want to export a graphical image of a canvas or report, choose the PowerPoint, Acrobat, or Image format. Security Shield delivers the file in the selected format, which you can view and save immediately.
Export Analytics Data from Security Shield
When you want to keep or further examine data from the Oracle® Communications Security Shield Cloud Service (Security Shield) analytics reports, you can export the data to a .csv file to save locally.
- You must be assigned to the OCSSAnalyticsUser role to perform the following procedure.
Note:
Security Shield can export approximately one million records in a spreadsheet.Export an Analytics Canvas from Security Shield
You can save an Security Shield analytics canvas locally by exporting and saving it to a local folder.
- You must be assigned to the OCSSAnalyticsUser role to perform the following procedure.
Use the following procedure for each canvas you want to export. Security Shield does not export multiple canvases at the same time.
Export an Analytics Graph from Security Shield
When you want to keep or further examine Oracle® Communications Security Shield Cloud Service (Security Shield) analytics graphs, you can export the graphs as Image, PDF, or PowerPoint files that you can save locally.
- You must be assigned to the OCSSAnalyticsUser role to perform the following procedure.
Use the following procedure for each report on the canvas that you want to export as a graphic. Security Shield does not export multiple reports at the same time. When you click a report, Security Shield puts a frame around it to indicate it is the active one.
Update Custom Analytics Canvases
Some Oracle® Communications Security Shield Cloud Service (Security Shield) updates contain new data points that you can add to your existing custom analytics canvases. For example, My Calculations, Policy Results Statistics, or Policy Results Threats might contain new data points. See the What's New document to learn about any new data points.
To add a new data point to an existing analytics canvas, you open the canvas and drag and drop the new data point onto the canvas from the list in the navigation pane.
Save Analytics Projects
When Oracle upgrades Security Shield, the process may overwrite the default project and will remove all other projects in the OCSS folder. Oracle strongly recommends removing all projects you want to keep from the OCSS folder and saving them elsewhere. You may want to keep local copies, as well. In this way, your projects will be available for use in disaster recovery, roll-back, and upgrade scenarios.
- Create a Folder for Storing Analytics Projects—Applies when you want to save your analytics canvases in a folder other than the OCSS folder.
- Duplicate the Default Analytics Project—Applies when you want to preserve or modify the default canvas.
- Move a Security Shield Analytics Project Out of the OCSS Folder—Applies to all analytics reports you want to preserve for future use.
- Export an Analytics Canvas from Security Shield—Applies to all analytics reports that you want to save
locally.
Note:
When you re-import a locally saved canvas into a newer version of Security Shield, the canvas retains the look and functionality of the release of origin.
Duplicate the Default Analytics Project
To preserve the default Oracle® Communications Security Shield Cloud Service (Security Shield) analytics project, duplicate it and move it out of the OCSS folder. You can also use the following procedure to duplicate any of your custom analytics reports.
Oracle periodically updates the default Project and versions its name. For example, OCSS-2.0 is newer than OCSS. Use the most recent default Project.
After you perform the following procedure be sure to save the duplicate in a folder other than the OCSS default folder because the software upgrade process may overwrite the default projects and will remove any other projects in the default folder.
Note:
Oracle recommends that you never directly modify a default project. Create a duplicate and modify the duplicate.Create a Folder for Storing Analytics Projects
Before you create a new Oracle® Communications Security Shield Cloud Service (Security Shield) project or move an existing project out of the default OCSS folder, you need a destination folder.
In the following procedure, you use the action menu on the default canvas to create a new folder.
- Move a Security Shield Analytics Project Out of the OCSS Folder into your new folder.
Move a Security Shield Analytics Project Out of the OCSS Folder
If the OCSS folder contains any projects you created or customized, Oracle strongly recommends moving them to a different folder because the upgrade process may overwrite the default project and will remove any other projects in the OCSS folder. Move projects to another folder if you want to preserve them.
To move your analytics projects for safe keeping, access the OCSS folder and move them to the folder of your choice.