Security Shield Call Traffic Analytics

13 Security Shield Call Traffic Analytics

Oracle® Communications Security Shield Cloud Service (Security Shield) provides analytics that can help you investigate your inbound and outbound call traffic, as well as anomalies, suspicious behavior, and malicious traffic. You can access analytics through the Security Shield Dashboard.

Topics:

Call Traffic Analytics Default Display

When you click the Analytic Reports button on the Oracle® Communications Security Shield Cloud Service (Security Shield) Dashboard, Security Shield opens the directory containing all analytics reports, called Projects. When you click the default Project, Security Shield displays the default set of canvases and opens to the Stats by Carrier/Country canvas.

Note:

Oracle periodically updates the default Project and versions its name. For example, OCSS-2.0 is newer than OCSS.

The following screen capture shows the Stats by Carrier/Country canvas as an example. Like all canvases, the display includes a combination of elements such as data attributes (located above the Call Classifications Reputation Score visualization), doughnut graphs, bar graphs, tables, and maps. The panel at the far left contains the attributes, elements, and formats privileged users can apply to the canvas. The panel between the far left panel and the canvas shows the attributes, elements, and formats used on the canvas in focus. Click the tabs at the bottom of the screen to see the other default canvases.

This screen capture shows the default analytics canvas. The left pane shows a collapsed view of the data points and format controls. The center pane shows the Stats by Carrier/Country tab, which is the default view, along with the other tabs that you can click to see more data.

Note:

Oracle recommends that you use filters to limit the amount of data that is loaded for maximum efficiency. If you set the filters to the full 30 days, with all other filters disabled, loading times may be longer because the loading time is a function of the data size.

The following table lists the tabs, data visualizations, and data attributes displayed on each of the default Security Shield canvases. For more information about each visualization, hover over the data elements in the visualizations and click the data attributes on the canvas. You can also use combinations of the attributes to see more or less data or different types of data. The visualizations on the canvas adjust to display details that correspond to the attributes you apply.

Note:

You can create customized versions of the default Projects with any of the attributes and formats listed in the left pane. Be sure to customize only a duplicate of the default Project; never the original.

Tabs	Descriptions
Stats by Carrier/Country	Filters calls based on Date, Time, Calls Score Classification, and the Enforcement action Security Shield applied. You can also filter on the Carrier and Country of origin.
Fraud Type by Carrier/Country	Filters calls based on Date, Time, Fraud Type, Score severity, and the Enforcement action Security Shield applied. You can also filter on the Carrier and Country of origin.
Country Statistics and Fraud Summary	Filters calls based on Country, Dialed Number, Date, Time, and Fraud Type.
Carrier Statistics and Fraud Summary	Filters on Inbound Carrier, Dialed Number, Date, Time, and Fraud type.
Short Calls	Captures calls with durations under 10 seconds. Note: Although the duration does not trigger an enforcement action, you may find the data useful for identifying Account Takeover attempts, RoboCalls, and other Fraud attempts.
Neighbor Spoofing	Captures repeated calls from the same area code and prefix. Abnormal volumes of such traffic may indicate Neighbor Spoofing or an attempt to illicit a response to a call by spoofing a local phone number. Security Shield detects such patterns and dynamically adjusts the call score. You can configure Security Shield to block and redirect such calls.
Inbound Number Analysis	Filters calls based on Date, Time, Type of Fraud, Frequency of each Calling Number, Frequency of each Called Number, Carrier, and Country of origin.
Total Calls Table	Displays raw data related to every transaction processed through Security Shield. You can filter and sort the data by any data point in the table. You can export the data as a .CSV file for saving of further examination.
Call Stats	Displays a high-level, but detailed view of calls during the selected time period. The default view shows aggregate call totals and highlights inbound versus outbound, Session Border Controller location and score category distribution. Also shows the top ten FROM and To numbers and trend analysis of Call Enforcement, Call Rate, and Call Reputation Score.

Note:

Oracle recommends that you do not alter the default canvas. Instead, Duplicate the Default Analytics Project and alter the duplicate. After duplicating, be sure to Move a Security Shield Analytics Project Out of the OCSS Folder.

Change the Default Analytics Reports Display for Editing

The Oracle Analytics landing page defaults to the view-only mode, which does not allow editing. The OCSSAnalyticsEditor can edit the Call Statistics and the Call History reports, but must change the mode before editing is possible.

Procedure

The OCSSAnalyticsEditor must change the report mode (displayed in the URL) from the default "presentation" mode to the editing mode, called "full" mode. In this way, the OCSSAnalyticsEditor can edit the Call Statistics report and the Call History report, which are linked to the respective tiles on the Security Shield Dashboard.

Click Analytics Reports on the Dashboard.
On the Oracle Analytics page, locate the word presentation in the URL.
Change presentation to full.

Call Traffic Analytics Display Operations

All Oracle® Communications Security Shield Cloud Service (Security Shield) analytics canvases operate with the same behaviors and controls.

When you click a particular part of the graphic in a visualization, the other visualizations on the canvas automatically adjust to filter on the same data point. For example, on the Stats by Carrier/Country canvas, suppose you click Medium Risk on the Call Classification by Reputation Score visualization. The data on all the other visualizations and tables changes to reflect data about only the Medium Risk calls.
When you click an attribute at the top of the canvas, Security Shield displays a dialog for customizing the attribute. The parameters you set apply to all visualizations on the canvas.
When you want to clear a filter in a visualization, click outside the visualization.
When you want to clear all filters, move your cursor into the white space above the canvas. Security Shield displays a second hamburger menu. Click the menu and click either Clear All Selections or Remove All Filters.
When you click a tab at the bottom of the canvas, Security Shield displays the corresponding set of visualizations.
When no country name is identified for any call in the Call Detail visualization, the Caller Location map is inactive. If at least one call in the Call Detail visualization identifies a country, the map is active.
When you alter filters or set a filter in a graphic the re-rendering may take time. The time is proportional to the amount of the data needed for the canvas. When a re-rendering takes too long, you may want to click Stop in navigation bar (to the right) and click again to re-initiate the rendering.
When different calls contain numbers for which the first 30 digits are identical, OCSS Analytics considers them as the same number and not as unique numbers.

WARNING:

Regarding the following operations, Oracle strongly recommends that you never make changes to the default analytics Project. Always Duplicate the Default Analytics Project and move it out of the OCSS folder before making any changes.

When you click the icon to the right of the last tab in the bottom row, Security Shield displays a blank canvas for creating one of your own design. If you do not see the Add icon, you are not assigned to the required OCSSAnalyticsEditor group. See "User Groups and Privileges" in the Security Shield Installation and Maintenance Guide.
When you right-click the tabs at the bottom of the canvas, Security Shield displays controls for working with the canvas, such as Rename, Delete Canvas, Copy Canvas, Duplicate, Clear Canvas, and Canvas Properties.
When you add or change data attributes and calculations on an existing canvas, Security Shield updates the visualizations and tables on the canvas. Oracle recommends that you use caution when adding or changing data attributes or calculations because the result may not be as intended due to the new combination of elements. You may need to fine-tune your selections to get the results you want, especially when you apply trellis columns and trellis rows to a visualization. In addition, the changes may result in longer load times for the canvas to display.
When you try to add a format to a canvas that the data type does not support, the canvas displays "unavailable". For example, suppose you try to add Trellis Rows to a canvas for Call Classification by Reputation Score. The canvas displays "unavailable" in the gray column to the left of the canvas.

Policy Results Statistics Attributes

The following table lists and describes the attributes Oracle® Communications Security Shield Cloud Service (Security Shield) displays for creating custom Policy Results Statistics reports.

Table 13-1 Attributes for Use by Customers

Attributes	Description
Note: On-screen, an icon precedes each Policy Results Statistics attribute to identify the data type.	# - The data type is numeric. A - The data type is text. Clock - The data type is time.
ACL Action	Indicates the Access Control List (ACL) action Security Shield applied.
Aggregated Time	Indicates the time at which the record was written to the database.
Call End Time	The ending time of a call. The Call End time might not display when: one of the parties has not terminated the call. a network provider or a system in your organization's network has not canceled the call. when Security Shield has not received the call termination update to Security Shield. when the Session Border Controller has not sent the call termination update to Security Shield.
Call Frequency Limit Exceeded	Indicates that the number of successful calls made to a destination phone number exceeds the frequency threshold limit.
Call Insights	Provides the following information: Application-to-Person (A2P)—Reason codes specific to application-to-person messaging. For example, verification codes, appointment reminders, One Time Passcodes, verification messages, or other calls sent to a user. Person-to-Person (P2P)—Reason codes specific to human-to-human calls. Number Type—The line type or phone type information. Activity—Reason codes related to the amount of activity Security Shield observed for the number, compared to what is expected for a good user. For example, the number of communications transactions to or from the number, the quantity of unique numbers communicated with, and the number of accounts communicated with. Alert reasons and names displayed in the notification message text include: ACL Match—acl match ACL Match and Allow—allowed CLI Spoofing Suspected—invalid numbers (to=from) Country Code (Destination) Does Not Exist—invalid country code International Calls Fraud Suspected—fraud-like activity Suspected Fraudulent Destination—high-risk destination Suspected Toll Fraud—toll fraud-like activity Suspected Traffic Pumping—traffic pumping-like activity
Call Reputation Grade	The Call Reputation Grade based on the Reputation Score. The Reputation grades include: Critical Risk High Risk Significant Risk Severe Risk Suspicious Good Acceptable Unknown Note: When the call score is -1, unknown indicates the call is blocked by the customer's blocklist and Security Shield did not perform the reputation score calculation.
Call Stage	The stage of the call associated with the call record. For example: initiate, mid-call (where Security Shield provides an updated policy to the Session Border Controller) , terminate, and update (where the Session Border Controller sends additional information to Security Shield).
Call Start Time	The time at which the call started. Note: Call Start Time always displays a value.
Call Terminate State Trigger	Describes the trigger that lead the call to the determinant stage.
Call Termination Initiator	Describes the actor that terminated the call. For example, the caller, callee, Session Border Controller, Security Shield, or other.
Call Termination Reason	Describes the reason for call termination. For example: Canceled, Bye, noAnswer, errorResponse, or other.
Call Type	The call type in policy context. For example,International, Suspect, Toll Free, Premium Rate Service, and National.
Called Number	The called number from the TO header of the SIP call.
Called Number Score	The score assigned by Security Shield to the called number.
Calling Number	The calling number on record from the FROM header of the SIP call.
Calling Number Score	The score assigned by Security Shield to the calling number.
Carrier Name	The name of the telecom carrier of record. When Security Shield records do not contain carrier information for the calling number field, Security Shield leaves the field empty.
Country Name	The location of the Calling Number for inbound Calls.
Enforcement Action	Comments about why the system applied a particular enforcement action. Comments include the following: Suspected Toll Fraud Suspected Traffic Pumping Suspected Anonymous FDCPA rule enforced ACL Allow Enforced ACL Exclude Enforced Blocklist Enforced CLI Verification Failed Score Enforced
Enforcement Action Trigger	The trigger causing Security Shield to apply the final outcome. Triggers include: Anonymous Call center call Enterprise lookup (for outbound calls) Fraud risk Managed list Outbound call frequency limit Reputation score Spam risk STIR TN validation unsuccessful Spoofed call Third party Threats
Final Outcome	The enforcement action Security Shield applied, as determined by the Policy Decision Engine based on policy rules. Call actions include: Allow Exclude Redirect Reject Rate limit
Ingress	A call direction parameter where "true" means the call is inbound and "false" means the call is outbound.
Lookup Number	The phone number sent from the Session Border Controller to the Policy Decision Engine for enforcement determination. Inbound calls—When the SIP INVITE includes a P-Asserted Identity (PAI) header, Security Shield sends the User portion of the PAI header in the Lookup Number field. When the SIP INVITE includes multiple PAI headers, Security Shield uses the phone number of the first tel PAI header. When no tel PAI header exists, Security Shield uses the User portion of the first SIP PAI header. Outbound calls—Security Shield sends the User portion of the TO header.
PAI Display Name	The display name from the P-Asserted Identity header containing a name for the identified user.
PAI Host	The host domain portion of the P-Asserted Identity header.
PAI	The user portion of the P-Asserted-Identity header.
PDE Call End Time	The time at which the Policy Decision Engine initiates termination of a dangling call.
PDE Server ID	The unique ID of the Policy Decision Engine server. Used by Oracle personnel.
Phone Type	Indicates the type of device used to make the call. Devices include Fixed Line, Pager, Restricted or Premium, Toll Free, Voice Mail, and VoIP. Other results include Other, Null, and Unavailable.
Policies Applied Policy	The trigger causing Security Shield to apply the final outcome determined by the Policy Decision Engine. Triggers include: Threats Managed List Reputation Score Action Third Party Enterprise Lookup
Policies Decision	Indicates whether or not the Fraud Detect Rule policy was applied. Values: True \| False.
Policy Response Time	The number of milliseconds added to the call to send the policy request to the Policy Decision Engine, receive the policy response, and act on the response.
Policy Version	The version of the applied policy.
Realm	The realm for incoming and outgoing calls.
Reputation Call Score Count	The distribution for the configured time period for the reputation score by Call Stage, Call Start Time, Calling Number, Carrier Name, Country Name, Enforcement Action, and Reputation Call Score.
Reputation Call Score	The reputation score for the call.
SBC Receive Time	The time at which the Policy Decision Engine receives the request from the Session Border Controller.
SBC Response Time	The time at which the Policy Decision Engine sends the response to the Session Border Controller.
SBC Server ID	The unique ID of the Session Border Controller server.
Service Provider	The name of the service provider.
Session ID	An encoded Base64 combination of the Call Timestamp, SBC ID, SIP Thread ID, Call ID, From tag, and Realm.
Stats ID Count	Indicates the number calls based on StatsId.

Table 13-2 Attributes Reserved for Oracle Personnel

Attribute	Descriptions
Aggregated Time	The time at which the record was written into the database. Used by the Security Shield Team for tracking and debugging.
GBUA Processed Timestamp	Used by the Security Shield team for tracking and debugging purposes.
Reputation Call Score Count	The count of the reputation score for a call.
Stats ID Count	The call count number based on Stats ID.

Policy Results Threats Attributes

The following table lists and describes the attributes Oracle® Communications Security Shield Cloud Service (Security Shield) displays for creating custom Policy Threats reports.

Table 13-3 Attributes for Use by Customers

Attributes	Description
Note: On-screen, an icon precedes each Policy Results Threat attribute to identify the data type.	# - The data type is numeric. A - The data type is text. Clock - The data type is time.
Action Taken	The action Security Shield performed after detecting the threat.
Aggregated Time	Indicates the time at which the record was written to the database.
Alert Reason	The text of the alert for a specific threat. Alerts include the following: Suspicious No Value call:spam_risk Suspicious No Value call:spoofed_call Suspicious No Value call:call_center_call Suspicious No Value call:fraud_risk Invalid/CLI Spoofing Malicious Behavior Detected Suspected Traffic Pumping
Applied Policy	The name of the applied policy. For example, Fraud Detect Rule.
Call End Time	The ending time of a call. The Call End time might not display when: one of the parties has not terminated the call. a network provider or a system in your organization's network has not canceled the call. when Security Shield has not received the call termination update to Security Shield. when the Session Border Controller has not sent the call termination update to Security Shield.
Call Insights	Provides the following information: Application-to-Person (A2P)—Reason codes specific to application-to-person messaging. For example, verification codes, appointment reminders, One Time Passcodes, verification messages, or other calls sent to a user. Person-to-Person (P2P)—Reason codes specific to human-to-human calls. Number Type—The line type or phone type information. Activity—Reason codes related to the amount of activity Security Shield observed for the number, compared to what is expected for a good user. For example, the number of communications transactions to or from the number, the quantity of unique numbers communicated with, and the number of accounts communicated with. Alert reasons and names displayed in the notification message text include: ACL Match—acl match ACL Match and Allow—allowed CLI Spoofing Suspected—invalid numbers (to=from) Country Code (Destination) Does Not Exist—invalid country code International Calls Fraud Suspected—fraud-like activity Suspected Fraudulent Destination—high-risk destination Suspected Toll Fraud—toll fraud-like activity Suspected Traffic Pumping—traffic pumping-like activity
Call Frequency Limit Exceeded	Indicates that the number of successful calls made to a destination phone number exceeds the frequency threshold limit.
Call Reputation Grade	The Call Reputation Grade based on the Reputation Score. The Reputation grades include: Critical Risk High Risk Significant Risk Severe Risk Suspicious Good Acceptable Unknown Note: When the call score is -1, unknown indicates the call is blocked by the customer's blocklist and Security Shield did not perform the reputation score calculation.
Call Score	The reputation score for the call.
Call Stage	The stage of the call associated with the call record. For example: initiate, mid-call, terminate, and update.
Call Start Time	The time at which the call started. Note: Call Start Time always displays a value.
Call Terminate State Trigger	Describes the trigger that lead the call to the determinant stage.
Call Termination Initiator	Describes the actor that terminated the call. For example, the caller, callee, Session Border Controller, Security Shield, or other.
Call Termination Reason	Describes the reason for call termination. For example: Canceled, Bye, noAnswer, errorResponse, or other.
Call Type	The call type in policy context. For example,International, Suspect, Toll Free, Premium Rate Service, and National.
Called Number	The called number from the TO header of the SIP call.
Called Number Score	The score assigned by Security Shield to the called number.
Calling Number	The calling number on record from the FROM header of the SIP call.
Calling Number Score	The score assigned by Security Shield to the called number.
Carrier Name	The name of the telecom carrier of record. If no data is provided, Security Shield cannot know or access this information. When Security Shield records contain no carrier for this calling number, the field displays empty.
Country Name	The location of the Calling Number for inbound Calls.
Decision	The decision for whether or not the policy was applied. Values: True \| False. Note: This field must be Boolean and cannot be null or missing.
Enforcement Action Comment	Comments about why Security Shield performed the particular action. Comments include the following: Suspected Toll Fraud Suspected Traffic Pumping Suspected Anonymous FDCPA rule enforced ACL Allow Enforced ACL Exclude Enforced Blocklist Enforced CLI Verification Failed Score Enforced
Enforcement Action Trigger	The trigger causing Security Shield to apply the final outcome. Triggers include: Anonymous Call center call Enterprise lookup (for outbound calls) Fraud risk Managed list Outbound call frequency limit Reputation score Spam risk STIR TN validation unsuccessful Spoofed call Third party Threats
Final Outcome	The enforcement action Security Shield applied, as determined by the Policy Decision Engine based on policy rules. Call actions include: Allow Exclude Redirect Reject Rate limit
Ingress	A call direction parameter. Values: True-indicates the call is inbound. False-indicates the call is outbound.
Lookup Number	The phone number sent from the Session Border Controller to the Policy Decision Engine for enforcement determination. Inbound calls—When the SIP INVITE includes a P-Asserted Identity (PAI) header, Security Shield sends the User portion of the PAI header in the Lookup Number field. When the SIP INVITE includes multiple PAI headers, Security Shield uses the phone number of the first tel PAI header. When no tel PAI header exists, Security Shield uses the User portion of the first SIP PAI header. Outbound calls—Security Shield sends the User portion of the TO header.
PDE Call End Time	The time at which the Policy Decision Engine initiates termination of a dangling call.
PDE Server ID	The unique ID of the Policy Decision Engine server. Used by Oracle personnel.
Policy Response Time	The number of milliseconds added to the call to send the policy request to the Policy Decision Engine, receive the policy response, and act on the response.
Policy Version	The version of the applied policy.
Realm	The realm for incoming and outgoing calls.
SBC Receive Time	The time at which the Policy Decision Engine receives the request from the Session Border Controller.
SBC Receive Time	The time at which the Policy Decision Engine receives the request from the Session Border Controller.
SBC Response Time	The time at which the Policy Decision Engine sends the response to the Session Border Controller.
SBC Server ID	The unique ID of the Session Border Controller server.
Service Provider	Name of the Service Provider
Threat Count	The total number of calls received based on the Threat ID.
Threat ID	The unique ID of the particular threat associated with a call.
Threat Timestamp	The timestamp showing when Security Shielddetected the threat.
Threat Vector Type	The name of the threat vector. Threat vectors include: Call Center Call Fraud Risk Spam Risk Spoofed Call Toll Fraud Traffic Pumping

Table 13-4 Attributes Reserved for Oracle Personnel

Attribute	Description
Aggregated Time	The time at which the record was written to the database. Used by Oracle employees for tracking and debugging.
GBUA Processed Timestamp	Used by the Security Shield team for tracking and debugging purposes.
PDE Server ID	The unique ID of the Policy Decision Engine server.
Policy Response Time	The number of milliseconds added to the call to send the policy request to the Policy Decision Engine, receive the policy response, and act on the response.

Calculation Attributes for Custom Call Reports

To refine the data displayed in an analytics canvas, you can apply the calculation attributes listed in the attributes pane. In the attributes pane, click My Calculations to see the list of parameters. The following topics lists and describe the calculation parameters.

Calculation Attributes for Use in Policy Results Stats Reports

Calculation Attributes for Use in Policy Results Threats Reports

Note:

For more information about creating your own calculations, see the Oracle Analytics Server and Oracle Business Intelligence Enterprise Edition at Oracle.com.

Calculation Attributes for Use in Policy Results Stats Reports

You can use the following Calculation Attributes in your Policy Results Stats reports.

Table 13-5 Policy Stats Reports Attributes

Attributes	Descriptions
Call Duration (HH:MM:SS)	Calculates the call duration between the Call Start Time and the Call End Time displayed in HH:MM:SS format. This field can be empty when there is no Call End Time received for a particular call.
Call Reputation Grade Stats Classification	Groups the call classifications from the reputation score into Critical Risk, Severe Risk, Significant Risk, High Risk, Suspicious, Acceptable, and Good for the visualization.
Latest Call Reputation Grade Stats Classification	The level of risk you want reported. Low, Medium, or High.
Max Duration	The maximum call duration of all the calls made from a particular calling number.
Reputation Score Average	Average of all the reputation scores received at that instant.
States/Provinces	The state or province you want reported.
Stats-Agent DID	The calling number from the FROM header in the SIP call.
Stats-Call Grade-Classification	Groups the call classifications based on the Reputation Call Score into the categories below.
Stats-Call Start Time-MM-DD-YYYY	The day, time, and year range for reporting.
Stats-Enforcement Action	Indicates why a particular action is applied.
Stats-Enforcement Action-Classification	Groups the call classifications based on the Enforcement Action Trigger into the categories below.
Stats-Final Outcome	The action taken against the call.
Stats-Location Name	The country source of the Calling Number for inbound Calls.
Stats-Number Group	Groups all the calls coming from a particular number.
Stats-Top15 Carriers	The top 15 carriers passing calls to your telecommunications network for the period.
Top 10 Called Number	Top 10 unique called numbers by based on number of occurrences in the TO header of the SIP call.
Top 10 Calling Number	Top 10 unique calling numbers based on number of occurrences in FROM header of the SIP call.
Total Call Count

Note:

Do not use the parameters in the preceding list in Policy Results Threats reports. See Calculation Attributes for Use in Policy Results Threats Reports for the parameters you can use.

Calculation Attributes for Use in Policy Results Threats Reports

You can use the following Calculation Attributes in your Policy Results Threats Reports.

Table 13-6 Attributes for Policy Results Threats Reports

Attributes	Description
Call Reputation Grade Threats Classification	Groups the call classifications from the reputation score for threats into Critical Risk, Severe Risk, Significant Risk, High Risk, Suspicious, Acceptable, and Good visualization.
States/Provinces	The state or province you want reported.
Threats-Call Count	Total number of threats identified by Security Shield.
Threats-Enforcement Action-Comment	The comment about why a particular threat is detected.
Threats-Location Name	The source country of the Calling Number for which the threat is detected.
Threats-Number Group	Groups all the threats coming from a particular number.
Threats-Source Top 15 by Carrier	The top 15 carriers passing threats to your telecommunications network.
Total Threat Count	Indicates the number of unique threat-call records identified by Security Shield.
Threats-Threat Vector Proper	The type of threat detected .

Note:

Do not use the parameters in the preceding list in Policy Results Stats reports. See Calculation Attributes for Use in Policy Results Stats Reports for the parameters you can use.

Create Customized Analytics Projects

As a privileged user, you can create custom Oracle® Communications Security Shield Cloud Service (Security Shield) analytics projects to see the type of data you want in the format you want. You can create the projects with the attributes, calculations, data types, and formats that you choose.

Before You Begin

Confirm that you are assigned to the OCSSAnalyticsEditor group. See "User Groups and Privileges" in the Security Shield Installation and Maintenance Guide.
Create a Folder for Storing Analytics Projects other than in the OCSS folder.
Duplicate the Default Analytics Project to start a new project. Oracle recommends that you always use the most recent Security Shield default Project. For example, OCSS 2.0 is newer than OCSS.
Move a Security Shield Analytics Project Out of the OCSS Folder for safe keeping.
See Policy Results Statistics Attributes, Policy Results Threats Attributes, and Calculation Attributes for Custom Call Reports for descriptions of the data types available for the analytics reports you want to create.

Procedure

In the following procedure, you drag and drop attributes from the Policy Results Stats, Policy Results Threats, or My Calculations lists from the left pane onto the canvas (the blank area in the center pane) or onto the (the blank area above the canvas) to create the analytics report. You can also use the formatting pane (displays between the visualization pane and the canvas after you click a parameter in the visualization pane) to further customize the report.

Note:

Do not combine attributes from Policy Result Stats and Policy Result Threats on the canvas. For example, do not put an attribute from Policy Results Stats into a Policy Results Threats visualization. Use only the attributes listed under the report type in use. The same rule applies when adding custom calculations.

On the Security Shield Dashboard, click Analytics Reports.
Security Shield displays your projects on the Oracle Analytics page.
Click the duplicate project you made previously.
Security Shield opens the project.
On the project, do as many of the following tasks as needed to prepare for creating a new project:
Caution: Security Shield does not ask for confirmation before performing the following operations.
- Clear a canvas completely—Right click the tab for any canvas you want to keep for customizing and click Clear Canvas. Security Shield removes all of the visualizations and keeps the canvas in the project.
- Delete a canvas—Right click the tab (bottom row below the canvas) for any canvas you do not want and click Delete Canvas. Security Shield removes the canvas from the project.
- Rename a canvas—Right click the tab for any canvas you want to keep and click Rename. Security Shield changes only the name of the canvas. The visualizations remain.
- Remove a visualization from a canvas—Click a visualization, click the hamburger menu, and click Delete Visualization. Security Shield removes only the selected visualization.
- Remove an attribute from a canvas—Hover over the attribute (located in the row above the canvas) you want to remove, click the arrow, and click Delete. Security Shield removes the attribute from the canvas.
- Remove a format from the canvas—Select the visualization that uses the format, click the bulls eye icon, hover over the name of the format (the field changes from white to blue), and click the x to delete the format. Security Shield adjusts the visualization accordingly.
- Add a new canvas to the project—Click the + icon at the end of the bottom row of tabs to add a canvas. Security Shield adds a new, blank and unnamed canvas.
In the attributes pane, click the Format icon, scroll though the formats, and drag the format that you want onto the canvas.
Security Shield adds the format to the pane between the visualizations pane and the canvas.
In the attributes pane, click the Data icon, and expand either Policy Results Stats or Policy Results Threats to see lists of the attributes you can add to the new visualization. Note: Call Stats is not available at this time.
Drag and drop the data elements you want onto the canvas.
Security Shield begins building the new call-report visualization.
(Optional)—In the visualization pane, click My Calculations and double-click one or more of the calculation parameters.
Security Shield adds the calculation type to the formatting pane and to the canvas.
(Optional)—In the formatting pane, use the layout and design controls to customize the visualization. Note: The controls vary according to the visualization type.
(Optional)—Above the formatting controls, click the icon in the attributes bar that runs across the top of the canvas to see lists of attributes you can apply and do the following:
- Expand the list according the type of visualization you are creating (Policy Results Stats or Policy Results Threats).
- Double-click the element you want to use.
- Configure the attribute and click outside of the configuration dialog to add it to the attributes bar.
- (Optional)—Select and configure more attributes.
Click Save.
Security Shield saves the new project.

Caution:
Do not keep your custom or modified analytics projects in the OCSS folder. When Oracle upgrades Security Shield, the process may overwrite the default canvas and will remove all canvases you added or modified in the OCSS folder. Oracle strongly recommends that when you create a custom analytics canvas or modify the default analytics canvas, you do so in a different folder. Oracle also recommends saving a local copy of all your analytics canvases. Use the export function, which creates a .dva file you can save locally. In this way, your canvases will be available for use in disaster recovery, roll-back, and upgrade scenarios. See Move a Security Shield Analytics Project Out of the OCSS Folder.

For important information about saving custom analytics reports, see Save Analytics Projects.

Security Shield Analytics Export

Sometimes you might want to save or further examine information from the Oracle® Communications Security Shield Cloud Service (Security Shield) analytics canvas or share it with other trusted parties. You might also want to capture the same types of information on another of your other Security Shield tenancies. To accomplish those goals, you can export analytics data, graphs, and canvases to save and use as needed.

You can export the following from a canvas:

Data from a single report displayed on the canvas
The whole canvas
A graphical image of a single report or the whole canvas

The export functionality provides several formats for the output.

When you want to export data, choose the .csv format. Security Shield delivers the data in an Excel spreadsheet, which you can view and save immediately.

Note:
Security Shield can export approximately one million entries in a spreadsheet.
When you want to export a canvas to save for backup or possibly a roll back, choose the Package .dva format. Security Shield delivers the canvas in a .dva file that you can save and upload when needed.
When you want to export a graphical image of a canvas or report, choose the PowerPoint, Acrobat, or Image format. Security Shield delivers the file in the selected format, which you can view and save immediately.

Export Analytics Data from Security Shield

When you want to keep or further examine data from the Oracle® Communications Security Shield Cloud Service (Security Shield) analytics reports, you can export the data to a .csv file to save locally.

Before You Begin

You must be assigned to the OCSSAnalyticsUser role to perform the following procedure.

Procedure

Use the following procedure for each report on the canvas from which you want to export data. Security Shield does not export data from multiple reports at the same time. When you click a report, Security Shield puts a frame around it to indicate it is the active one.

Note:

Security Shield can export approximately one million records in a spreadsheet.

Access the Security Shield Dashboard and click Analytics Reports.
On the Oracle Analytics page, click the canvas that contains the report you want to export.
On the canvas, click the tab at the bottom of the page with the name of the canvas you want to view.
On the canvas, click the report you want to export.
Click the Export icon at the right end of the page banner, and click File.
In the File dialog, for Format, select Data .csv.
Click Save.
Security Shield delivers an Excel file to your screen.

Export an Analytics Canvas from Security Shield

You can save an Security Shield analytics canvas locally by exporting and saving it to a local folder.

Before You Begin

You must be assigned to the OCSSAnalyticsUser role to perform the following procedure.

Procedure

Use the following procedure for each canvas you want to export. Security Shield does not export multiple canvases at the same time.

Access the Security Shield Dashboard, and click Analytics Reports.
On the Oracle Analytics page, click the canvas that you want to export.
Click the Export icon at the right end of the page banner, and click File.
In the File dialog, do the following:
- Name—(Optional) Re-name the canvas.
- Format—Select Package (dva).
- Include Data—Oracle recommends that you do not enable this option.
- Include Connection Credentials—Oracle recommends that you do not enable this option.
- Include Permissions—Oracle recommends that you do not enable this option.
- Protect Password—(Optional) Protect the .dva package file with a password.
Click Save, and Yes.
Security Shield exports the file to your screen.
Save the file locally for future use.

Export an Analytics Graph from Security Shield

When you want to keep or further examine Oracle® Communications Security Shield Cloud Service (Security Shield) analytics graphs, you can export the graphs as Image, PDF, or PowerPoint files that you can save locally.

Before You Begin

You must be assigned to the OCSSAnalyticsUser role to perform the following procedure.

Procedure

Use the following procedure for each report on the canvas that you want to export as a graphic. Security Shield does not export multiple reports at the same time. When you click a report, Security Shield puts a frame around it to indicate it is the active one.

Access the Security Shield Dashboard, and click Analytics Reports.
On the Oracle Analytics page, click the canvas that contains the report you want to export.
On the canvas, click the report you want to export as a graphic.
Click the Export icon at the right end of the page banner, and click File.
In the File dialog, do the following:
- Name—(Optional) Change the name of the file.
- Format—Select Acrobat (.pdf), Image (.png), or PowerPoint (.pptx).
- Include—Select which part of the canvas you want to export. The choices vary per Format type.
- Size—Select the size you want for the output. Size displays only for Acrobat (.pdf) and PowerPoint (.pptx).
- Orientation—Select the orientation for the output. Orientation displays only for Acrobat (.pdf) and PowerPoint (.pptx).
Click Save.
Security Shield delivers the file to your screen.

Update Custom Analytics Canvases

Some Oracle® Communications Security Shield Cloud Service (Security Shield) updates contain new data points that you can add to your existing custom analytics canvases. For example, My Calculations, Policy Results Statistics, or Policy Results Threats might contain new data points. See the What's New document to learn about any new data points.

Procedure

To add a new data point to an existing analytics canvas, you open the canvas and drag and drop the new data point onto the canvas from the list in the navigation pane.

On the Security Shield Dashboard, click Analytics Reports.
Click the Back button at the left end of the page banner.
Back button.
On the Oracle Analytics home page, click the action menu at the left end of the page banner to display the navigation pane and click Catalog.
Action menu.
On the Catalog page, click Shared Folders and then the folder where the canvas is located.
Open the canvas you want to update and drag and drop the new data point from the My Calculations, Policy Results Statistics, or Policy Results Threats lists onto the canvas.

Save Analytics Projects

When Oracle upgrades Security Shield, the process may overwrite the default project and will remove all other projects in the OCSS folder. Oracle strongly recommends removing all projects you want to keep from the OCSS folder and saving them elsewhere. You may want to keep local copies, as well. In this way, your projects will be available for use in disaster recovery, roll-back, and upgrade scenarios.

Use the following tasks as needed to save your Security Shield analytics canvases.

Create a Folder for Storing Analytics Projects—Applies when you want to save your analytics canvases in a folder other than the OCSS folder.
Duplicate the Default Analytics Project—Applies when you want to preserve or modify the default canvas.
Move a Security Shield Analytics Project Out of the OCSS Folder—Applies to all analytics reports you want to preserve for future use.
Export an Analytics Canvas from Security Shield—Applies to all analytics reports that you want to save locally.

Note:
When you re-import a locally saved canvas into a newer version of Security Shield, the canvas retains the look and functionality of the release of origin.

Duplicate the Default Analytics Project

To preserve the default Oracle® Communications Security Shield Cloud Service (Security Shield) analytics project, duplicate it and move it out of the OCSS folder. You can also use the following procedure to duplicate any of your custom analytics reports.

Before You Begin

Create a Folder for Storing Analytics Projects

Procedure

Oracle periodically updates the default Project and versions its name. For example, OCSS-2.0 is newer than OCSS. Use the most recent default Project.

After you perform the following procedure be sure to save the duplicate in a folder other than the OCSS default folder because the software upgrade process may overwrite the default projects and will remove any other projects in the default folder.

Note:

Oracle recommends that you never directly modify a default project. Create a duplicate and modify the duplicate.

On the Security Shield Dashboard, click Analytics Reports.
Click the Back button at the left end of the page banner.
Back button.
On the Oracle Analytics home page, click the action menu at the left end of the page banner to display the navigation pane and click Catalog.
Action menu.
On the Catalog page, click Shared Folders and then click the OCSS folder.
On the project that you want to duplicate, click the action menu in the lower right hand corner and click Duplicate.
The system displays another representation of the original report image and adds the word "Copy" to the name.
Rename the duplicate project with a unique name.
- Hover over the report.
- Click the action menu.
- Click Rename.
- Enter the new name in the Name field. For example, Total Calls Backup.
- Click OK.
Repeat the process for each report you want to duplicate.

Next Steps

Move a Security Shield Analytics Project Out of the OCSS Folder

Create a Folder for Storing Analytics Projects

Before you create a new Oracle® Communications Security Shield Cloud Service (Security Shield) project or move an existing project out of the default OCSS folder, you need a destination folder.

Procedure

In the following procedure, you use the action menu on the default canvas to create a new folder.

On the Security Shield Dashboard, click Analytics Reports.
On the OCSS page, click the Back arrow at the left end of the page banner.
Back button.
On the Oracle Analytics page, click the action menu at the left end of the page banner to display the navigation pane, and click Catalog.
Action menu.
On the Catalog page, click Shared Folders.
On the Catalog page, click the actions menu in the upper right hand end of the banner and click Create Folder.
In the New Folder dialog, enter the name of the new folder (For example, My Custom Reports), and click Create.
The system adds the new folder to the OCSS folder in Shared Folders.
Do one of the following:
- Keep the new folder in Shared Folders, if you want to allow others access the new folder.
- Move the new folder to My Folders, if you want to keep access to the new folder private.

Next Steps

Move a Security Shield Analytics Project Out of the OCSS Folder into your new folder.

Move a Security Shield Analytics Project Out of the OCSS Folder

If the OCSS folder contains any projects you created or customized, Oracle strongly recommends moving them to a different folder because the upgrade process may overwrite the default project and will remove any other projects in the OCSS folder. Move projects to another folder if you want to preserve them.

Before You Begin

Create a Folder for Storing Analytics Projects.

Procedure

To move your analytics projects for safe keeping, access the OCSS folder and move them to the folder of your choice.

On the Security Shield Dashboard, click Analytics Reports.
Click the Back button at the left end of the page banner.
Back button.
On the Oracle Analytics page, click the actions menu at the left end of the page banner to display the navigation pane and click Catalog.
Action menu.
On the Catalog page, click Shared Folders and then the OCSS folder.
In the OCSS folder, select a project, click the action menu on the project, and click Move to....
In the Move <Report Name> dialog, select the destination folder that you want. For example, Shared Folders or one that you created for storing reports, and click Move.
Move each report that you want to preserve to a destination folder other than OCSS.

Clear a Filter on an Analytics Visualization

After you filter data in a visualization or table in an analytics canvas by clicking a particular data point, you can clear the filter to return the visualization to its previous state.

Procedure

In the visualization, click in the white space.
Security Shield returns the visualization to its previous state.