Everyday we speak to people using connected data to answer complex questions.

Over time, we have noticed the questions they ask are becoming more sophisticated. They are increasingly looking to network visualization to answer more than the ‘who’, ‘why’ and ‘how’. They want to see the ‘where’ and ‘when’ dimensions too. This means going beyond a standard node-link chart.

Karl Urich’s recent blog post looks at the value to be found at the convergence of graphs and geospatial. Read more »

Other useful resources

Visualizing Geospatial Graph Data – our developer tips for integrating the Time Bar into your KeyLines applications.

KeyLines FAQs: The KeyLines Time Bar – answers to our most frequently asked questions about the KeyLines Time Bar.

New Tutorial: Visualizing a Knowledge Graph

Our latest tutorial shows how to use KeyLines and SPARQL to visualize the evolution of music through time.

And on the topic of music, here’s a neat musical visualization of code from Ianta Labs.

Breaking News: Join the GraphParty!

We’re excited to be sponsoring the biggest Graph show on Earth: GraphConnect 2015.

Join us and 1000 other graph enthusiasts for a day of inspiration and insight. And be sure to stick around for the Cambridge Intelligence GraphParty in the evening.

Keep an eye on our Events page for more details as they emerge.

GraphConnect – Save $100

Use our discount code – KEYLINES – to save $100 on your GraphConnect tickets.

Celebrating in style

This month we finally got around to formally celebrating winning a Queen’s Award for Enterprise. We were joined by friends, family and some Cambridge dignitaries for an afternoon of sunshine and champagne.

See the Photos

The Class of 2015

As the end of the summer approaches, we have said a sad good-bye to our interns. Meet the class of 2015!

Do you know a student with a passion for data? We are already accepting applications for 2016. Find out more.

The post KeyLines News – September 2015 appeared first on .

Maintaining the integrity of cyber infrastructure and understanding network vulnerabilities is a critical task for organizations and governments.

What about the biggest network of them all – the Internet? It is increasingly evident that some of the core foundations of the Internet contain major vulnerabilities open to abuse. Most notably the Border Gateway Protocol (BGP).

In this blog post we take a look at BGP, its flaws, and what role graph visualization could play in fixing them.

What is the Border Gateway Protocol?

Very simply, the Border Gateway Protocol (BGP) decides how data gets from one place to another on the Internet.

The Internet is formed of tens of thousands of interacting Autonomous Systems (ASes) – groups of IP Networks defining the locations of different network assets. BGP is a routing mechanism that determines how the request you type into a web browser finds its way to the correct IP address, inside the correct AS, via the shortest possible path.

For this to happen, ASes send packets to each other containing the IPs they hold. When a BGP router receives one of these packets, it propagates the information onward, adding itself to an AS chain. This allows routers to determine how many ‘hops’ would be required to reach a certain IP.

Why is BGP insecure?

Despite being a core protocol for the modern web, BGP is old and insecure – based largely on trust. If a router starts broadcasting errant messages to the rest of the network, huge volumes of traffic can be mis-directed. A notable example of this comes from the recent hacking of Hacking Team.

Among the 400gb of company data dumped online were email messages suggesting that the Italian Raggruppamento Operativo Speciale (Special Operations Group – or ROS) had worked with Hacking Team and the Aruba ISP, to hijack 256 IP addresses it did not own.

This is possible because BGP favors specificity, and because any router can announce any prefix once its original owner stops announcing. If an AS correctly broadcasts ownership of 1024 addresses, but then a different AS falsely claims ownership to 256 of those addresses, other ISPs will believe that route to be the most direct. In under a minute, this false information can be propagated to the internet’s backbone of central routers.

BGP hijacking can potentially be catastrophic: networks can be overloaded, sensitive data can be intercepted or tampered with, and machines can be infected with malware.

Can we use graphs to detect BGP hijacks?

Let’s try visualizing a BGP hijack as a graph. BGP data is fairly tricky to get hold of, but one old example is particularly well documented – when Pakistan Telecom (PT) managed to take YouTube.com offline worldwide.

Back in February 2008, Pakistan’s telecommunications ministry issued a censorship order, telling PT to block its users from accessing YouTube.com.

Instead (and it’s unclear whether this was an accident) PT set its network of routers to broadcast ownership of YouTube’s IP prefixes. Hong Kong-based PCCW Global failed to block the incorrect announcement, instead forwarding it to the rest of the world.

Within 45 seconds, all YouTube traffic had been re-directed and YouTube was offline.

Let’s take a closer look at the events of Sunday 24 February, 2008:

18:00 – YouTube (AS36561 – orange node) is happily broadcasting ownership of it’s range of 1024 IP addresses (208.65.152.0/22). This is being propagated (green links) around a network of ISPs (purple nodes):

18:45 – Pakistan Telecom starts to broadcast ownership of 208.65.153.0/24 (black links) – 256 addresses, a subset of YouTube’s IP addresses. This is a more specific destination, which BGP prefers.

18:47 – 18:49 – Via PCCW, routers around the world receive the false announcement. YouTube traffic is directed to Pakistan:

20:07 – AS36561 (YouTube) starts a countermeasure and itself announces 208.65.153.0/24 – the 256 IPs previously claimed by Pakistan Telecom (shown as a single black link emanating from YouTube):

20:18 – AS36561 (YouTube) starts another countermeasure and announces 208.65.153.128/25 and 208.6.5.153.0/25 – two more specific ranges of 128 IPs (they simply split the prefix space in two):

21:01 – PCCW Global withdraws the prefixes from AS17557 (PT) – successfully stopping the hijack.

Why visualize BGP data as a graph?

Cyber security data data can pose some unique challenges. It is often automatically generated at millisecond levels of resolution and filled with complex and evolving connections. The best way for a human to make sense of it is through visualization.

Do you have complex cyber security data or intelligence you need help to understand. Get in touch to see how KeyLines can help, or jump right in with a free trial:

Try KeyLines!

The post Cyber hijacking: Detecting BGP spoofs with KeyLines appeared first on .

Graph visualization is probably the most powerful tool we have for understanding complex connected data.

But how should you get started with graph visualization? It’s not a simple topic, and specialist know-how can be difficult to obtain. That’s why our graph visualization expert, Corey Lanum, is writing a book on the topic.

Visualizing Graph Data eBook – 50% off

Visualizing Graph Data has just entered the Manning Early Access Program. That means you can gain access to the eBook, chapter-by-chapter, as they are written and download a copy of the final publication next year.

To take part, simply join MEAP and download the book, quoting ‘mllanum’ for a 50% discount.

Start reading

How is this book different?

This is the first book to focus on real-world graph visualization.

It is not aimed at academic practitioners or researchers. Instead, Corey has condensed his 15+ years’ experience of building visualization solutions for government and business. He shares the lessons he has learned along the way, helping you to answer the questions you need to ask when designing and building your own graph visualization solution.

Topics covered include:

• Graph data concepts
• Real world graph visualization use cases
• Overviews of different tools, including introductions to Gephi, Cytoscape, D3.JS and KeyLines
• How to encourage user engagement
• Managing large, dynamic and geospatial graphs

We would love your input

The writing process is still on going. Corey would love to get your feedback on the content so far. We encourage you to let us know your thoughts – good and bad – using the book’s forum.

The post Visualizing Graph Data with Corey Lanum appeared first on .

After a long summer of coding, testing and re-coding, we’re proud to announce that KeyLines v2.11 is live!

This release is the culmination of thousands of developer hours and lot’s of feedback from you, our customers. Don’t forget to tell us your thoughts. Get in touch with us if you have any comments, suggestions or questions.

So, what’s changed?

Location, location, locations (…and analysis)

Perhaps the most exciting update in 2.11 is that KeyLines Geospatial has left beta!

That means the API is now stable and you can start incorporating it into your production applications with confidence.

We’re also built a great new showcase demo, imaginatively titled ‘Geo & Time Bar’, which uses data from the Boston Hubway scheme to show how to combine Geospatial and the Time Bar to dig deeper into your data.

New Graph Functions and a layout

Next time you log into the KeyLines SDK, you’ll find three great new graph functions and a layout:

• PageRank – useful for finding important nodes based on both the volume and value of their in-coming links.
• EigenCentrality – a measure of influence taking into account the number of links each node has, and the number of links their connections have, and so on through the network.
• Community Finding – identify clusters of highly connected nodes in your network.
• Lens Layout – a great way to view your new clusters! The lens layout offers fresh insight into node relationships.

One-click demo downloads

In an effort to make the getting started process even faster, each demo now has a ‘Download’ button. Click it and all of the assets you need – JavaScript, CSS, fonts, images – will be saved to your machine in a single .zip file.

New & improved developer resources

These enhancements should make your lives easier:

• A step-by-step guide to Neo4j integration (Getting Started > Neo4j)
• Support for adding custom map layers (see ‘leafletMap’ function)
• Notes on how to use modular JavaScript (Documentation > Modular JavaScript)
• Best practice chart resizing (Documentation > Resizing Components)

“Geospatial & Time Bar”	“Clusters”
“Ping”	“Impact Analysis”
“OrientDB”	“Map Layers”

What else?

We’ve also made a huge number of minor updates and improvements – far too many to list here. Take a look at the Change Log (Documentation > Change Log) for full details.

Enjoy!

The post KeyLines 2.11 is live! appeared first on .

Modern Customer Relationship Management (CRM) is about more than simply tracking behavior and enlisting customers to campaigns.

Marketing is now focused on relationships and customer data is so varied and widely available, that CRM has evolved to play a much bigger part in business strategy.

It’s about staying one step ahead – of competitors and customers.

Predicting customer actions

Predictive modelling systems use algorithms to predict a customer’s likelihood to do something. Often these are focused on retention, e.g. how likely is my customer to leave and join a competitor?

Companies often use a ‘next best action’ field in their CRM systems to equip frontline staff with the information they need to retain a customer (or, in marketing speak ‘reduce churn propensity’).

This post explores how churn propensity can be predicted with graph analysis, and how KeyLines can enable front-line staff to prevent customers leaving your service.

Propensity modelling in the telecoms industry

An established example of propensity modelling occurs in the mobile network provider industry.

Using social network analysis (SNA), high risk customers can be identified by looking at the social network of a churning customer.

E.g. if the closest friend of a customer (identified by volume of calls/texts a month) has recently left the network, that customer’s churn propensity will increase. Perhaps it’s worth offering them a bigger discount when their contract renewal approaches?

Couple this with other carefully calculated factors that influence churn, e.g. complaints or late payments, and you can generally build a pretty good picture of who’s looking at leaving your service, and who’s planning to stick around.

Lets take a look:

Gonzalez is our target customer because his phone contract renewal is coming up, represented with a stopwatch glyph.

We can also see that one of his most common contacts, Allen, has recently churned – demonstrated by the red node and glyph. The link that represents the flow of communication between Allen and Gonzalez has been colored red to illustrate the possibility of negative word of mouth.

Depending on your variables/influences for customer propensity, you can customize KeyLines events and display to show it visually.

Seeing the bigger picture

If Gonzalez does leave the service, the damage is realistically limited to his immediate connections – of which he has five. Not such a risk to the business.

However, this isn’t always the case. A wider use of Social Network Analysis (SNA) here could be to perform wider network analysis to identify strategically important customers.

To read more about SNA measures, take a look at this previous post – but for now, we’re going to look at degree centrality.

Degree centrality and churn risk

Degree Centrality is a simple SNA measure that counts how many connections a node has within a network.

For a visual example, let’s look at one of Gonzalez’s second degree connections, Tim:

In the screenshot above, Tim also has a glyph representing he is approaching his renewal. If Tim churns, he has the potential to influence more customers than Gonzalez due to his greater degree centrality.

He is in contact with 17 other customers, compared to just 5 for Gonzalez. Armed with this knowledge, a retention agent can be given greater freedom to negotiate with the customer at the time of his renewal.

This can also be visually highlighted in KeyLines with node size/color, halos, labels, glyphs and various others – though this would be more suited to a greater network size.

Data tells a story – let KeyLines share it

This post demonstrates visualising churn, but the applications for this are much wider. Best next action systems and propensity models are the future of CRM and as long as you have quantifiable values, you can use KeyLines to visualize anything.

Maybe you are preparing to release a new product and want to give some early trials in order to spread positive word of mouth – you can use KeyLines to highlight the most connected customers in your network. Or, with a big enough cut of customer social data, you can determine your best ‘seeding’ opportunities.

To try KeyLines for yourself, sign up today for a free trial:

Try KeyLines

The post Customer Relationship Management (CRM) as a Graph appeared first on .

Welcome to October’s KeyLines News. What a month it has been! Culminating in an awesome day with the Neo4j community at GraphConnect San Francisco – where we officially launched KeyLines 2.11!

2.11 is our biggest release yet, with:

• KeyLines Geospatial leaving beta
• Two new social network analysis measures
• A new layout
• Community finding
• and much more!

See what’s in the new release.

Take a closer look at KeyLines Geospatial in 2.11 and how to get started visualizing your geospatial graphs.

Visualizing Graphs with Corey Lanum

In other news, our very own graph expert Corey Lanum is writing a book, and needs your help.

His upcoming book, in which he shares 15+ years of data visualization experience, has just entered Manning Publication’s MEAP program. In exchange for your feedback, you save 50%.

Get your copy!

New use cases

Cyber hijacking: BGP Spoofs

BGP spoofing – It’s one of the most troubling hacks of all, but is almost impossible to prevent. This use case looks at the anatomy of a BGP hijack and asks whether network visualization can play a role in solving the web’s biggest vulnerabilities.

Read more

Visualizing a Knowledge Graph

We really are starting to see graphs everywhere! This blog post looks at DBpedia and uses it to build a visual knowledge graph that we can explore.

Read more

CRM as a graph

Modern customer relationship management is about more than just adding people to campaigns. We look at how graphs can help companies develop more sophisticated marketing and business strategies.

Read more

Need a KeyLines refresher?

We’ve recently re-vamped our white paper, the perfect introduction to the toolkit.

Download a copy and get up to speed!

The post KeyLines News appeared first on .

This week we were proud to announce our partnership with the great team at OrientDB Ltd – makers of the leading multi-model datastore. You can read the official announcement over here, but in short we think the partnership between our complimentary technologies will give you new ways to make sense of your complex connected data.

Later this month we will be hosting a webinar with Luca Olivari, President of OrientDB, and our own Jeremy Snyder, explaining how to maximise your data insight. We’d love for you to join us!

Jeremy will kick-off the hour with an introduction to graph visualization. He will explain how exploring connected data visually can help you cut through noise and focus attention on the information you need to understand.

Next, Luca Olivari will introduce OrientDB. He will explain how the datastore’s speed and flexible multi-model approach helps organisations overcome the challenges of big and complex data.

By the end of the session, you will have an idea of where to start building your own application for visualizing complex graph data.

Register now!

The post Maximizing OrientDB data insight appeared first on .

In late October, we announced KeyLines 2.11 – one of the biggest releases of our graph visualization toolkit yet.

In among the new features and enhancements were two great new graph functions: EigenCentrality and PageRank. How do they work? When should you use them?

Let’s take a closer look…

EigenCentrality: Network Influence

What is EigenCentrality?

EigenCentrality is a Social Network Analysis (SNA) centrality measure – one of five available in the KeyLines SDK to help you pinpoint important nodes.

Like degree centrality, EigenCentrality measures a node’s influence by counting the number of links it has to other nodes within the network. However, EigenCentrality goes a step further by also taking into account how well connected a node is, and how many links their connections have, and so on through the network.

KeyLines calculates each node’s EigenCentrality by converging on an eigenvector using the power iteration method. That means our algorithm generates random vectors and multiplies them through an adjacency matrix (a matrix summary of the connections between nodes) until the corresponding eigenvalue is found.

What does EigenCentrality tell me?

A high EigenCentrality score indicates a strong influence over other nodes in the network. It is useful because it indicates not just direct influence, but also implies influence over nodes more than one ‘hop’ away.

A good example is Bill Williams in our Enron Demo – a visualization of the 1.6 million emails published by the Federal Energy Regulation Commission.

Degree Centrality

EigenCentrality

The left screenshot shows nodes sized by degree (i.e. their number of links). Here, Bill looks like an important node.

The right screenshot sizes nodes by EigenCentrality. This view makes Bill seem much less important. This is because he has only one connection back to the wider network – via Timothy Belden – who himself is relatively disconnected from the network’s powerbase:

So, a node may have a high degree score (i.e. many connections) but a relatively low EigenCentrality score if many of those connections are with similarly low-scored nodes.

Also, a node may have a high betweenness score (indicating it connects disparate parts of a network) but a low EigenCentrality score because it is still some distance from the centers of power in the network.

We can see that here with John Lavorato – he’s in the center of the network topologically, but lacks Tana Jones’ volume of connections to high powered nodes:

PageRank: The Google Algorithm

What is PageRank?

PageRank is a variant of EigenCentrality, designed and made famous by Google founders Larry Page and Sergei Brin.

Designed for ranking webpages, PageRank uses links between pages as a measure of importance. Each webpage is treated as a node in a network, and is assigned a score based upon its number of in-coming links (its ‘indegree’). These links are also weighted depending on the relative score of its originating node.

The result is that nodes with many in-coming links are influential, and nodes to which they are connected share some of that influence.

What does PageRank tell me?

Like EigenCentrality, PageRank can help uncover influential or important nodes whose reach extends beyond just their direct connections.

The main difference to EigenCentrality, in KeyLines at least, is that PageRank takes link direction and weight into account*. This makes it a more useful measure in certain scenarios, including:

• Understanding citations (e.g. patent citations, academic citations)
• Visualizing network activity / propagation of malware
• Modeling the impact of SEO and link building activity (although PageRank is now just one of many ranking algorithms used by Google)

* Although the algorithm can be modified not to consider link direction.

Let’s take a look at PageRank in action with our Enron data demo.

Let’s follow one employee. This screenshot shows the network with no centrality measures applied. We’ve selected Barry Tycholiz. Let’s see how he appears with EigenCentrality applied:

He remains a fairly small node in the network. He has relatively few connections (to only 9 other nodes) and seems pretty insignificant.

Let’s try PageRank:

Despite his limited connections, Barry balloons to the largest node in the network when PageRank is applied. He is one of the few nodes in the network receiving in-coming links from highly influential nodes. This has pushed his PageRank score up significantly.

A quick Google confirms that Barry Tycholiz was VP of Enron North America – an important node in the network that we may not have identified with the other centrality measures.

Find the right measure for the job

Understanding network dynamics and influence can be a game of trial and error. Different measures are better suited to certain scenarios or datasets.

KeyLines has five different SNA measures, each designed to uncover different kinds of influence. Download our whit­­­e paper to find out more:

The post EigenCentrality & Page Rank appeared first on .

Screenshot of the AIMS™ social media exploration component, showing connections between corporations and other entities, derived from mentions on social media.

• iMapData use KeyLines to visualize risks in social media data.
• Visualization component was ready for customer deployment within three weeks.
• Users report saving hours, or even days, on data discovery activities.

The Smarter Way to Mitigate Risk™ is iMapData’s tagline. For the past 30 years, they have worked with Fortune 500 companies and US government agencies, helping them to identify, understand and proactively mitigate risk.

From their McLean VA base, they manage a 24/7 data collation and cleansing operation, bringing together vast volumes of information about their customers’ critical assets. Customers then access and analyze this data using the Advanced Intelligence Management System™ (‘AIMS’) – iMapData’s SaaS platform. AIMS™ contains a suite of data exploration, analysis and visualization tools that empower organizations to identify, assess and respond to risks as they evolve.

In 2015, iMapData released a KeyLines network visualization component for exploring and analyzing social media datasets.

The Challenge

Three-quarters of online American adults use social media. Facebook has nearly 1.5bn active users worldwide. In this environment, organizations serious about risk need to be looking at their social media footprint.

For some time, the AIMS platform has included a Social Media search component:

iMapData’s legacy social media search component.

With a combination of natural language programming (NLP) algorithms and a powerful keyword search function, users are able to explore iMapData’s huge curated social media databases. Results are presented in list form, with hyperlinks between related documents.

A review of customer feedback led iMapData’s product team to explore network visualization as an alternative way to present this complex connected social data. As iMapData’s VP of Product Development, Neil Sobin, explains:

“Our customers’ problems change every day. There are new threats, bad actors, and vulnerabilities emerging across the globe constantly, exposing our customers to real harm. As such, it is vital for security analysts to be able to rapidly discover risk information related to their interests – whether they be people, brands, social media accounts, or other entities.

We knew that by visualizing this data as a network, we would provide faster access to that insight, in a format that can be communicated quickly to stakeholders.”

The Requirements

iMapData identified four critical criteria for their network visualization solution:

1. Compatible – The AIMS™ platform is designed to bring critical intelligence data to users, anywhere in the world. Compatibility with different devices and browsers is essential.
2. Extensible – AIMS™ is a growing and evolving platform. The visualization solution would need to be compatible with future growth and development.
3. Feature rich – iMapData add value to their data through a year-round program of manual cleansing, but also by providing sophisticated end-user analysis tools. The network visualization solution would need a rich and evolving library of functionality that could be incorporated into their application.
4. Speed of integration – iMapData look to continuously improve the value provided to their user community. Significant enhancements like visualization would need to be implemented quickly and efficiently and maintain the high standards of performance expected by their demanding users.

The Solution

The iMapData Product team reviewed a variety of options, including a commercial Java-based data visualization technology and D3.js. Neil Sobin explains the process:

“We quickly reached the conclusion that the other commercial technology would not be suitable for us. As a Java-applet based product, it failed to meet our important compatibility criteria, and also lacked extensibility.

Then we began to explore building our own native solution using D3.js. We were pleased with the compatibility and extensibility the library offered, but it lacked the rich functionality we needed. It would have required a tremendous amount of development input to build even a simple network visualization component.

At this point, we looked at KeyLines, which met all of our big-four criteria. The developers experimented with the SDK and really liked it. Our business stakeholders appreciated the use cases on the website.”

In July 2015, the team set to work building a production-ready KeyLines component.

The Result

Within just three weeks, a candidate was ready for deployment to government and commercial customers. Following the release, usage of the text-based legacy social media search tool plummeted as users took advantage of the more intuitive network visualization approach.

Neil Sobin explains how the new approach has saved customer time, and helped analysts to produce more accessible security briefings:

“Our customers are delighted with this new approach to data exploration. We have transformed real-time discovery on massive data sets from a laborious process of reviewing lists to an accelerated graph analysis. Our customers have reported that the data discovery activity has been reduced by hours – even days in some cases.

Furthermore, the process producing real intelligence reports, worthy of briefing senior leadership, is now to a point where all levels of the organization can interpret the graph. The analyst no longer needs to rely on PowerPoint slides. Now they can brief colleagues with an interactive, web-based tool.”

Screenshot of the AIMS™ social media exploration component, showing connections between corporations and other entities, derived from mentions on social media.

More about iMapData

For over 30 years, large commercial organizations and the United States government have relied on iMapData’s expertise and intelligent solutions to proactively mitigate risks to their organizations.

The flexible, robust and scalable iMapData solution adapts to support their clients’ needs in the most dynamic of threat environments. iMapData’s Advanced Intelligence Management System™ platform seamlessly integrates the functions of business continuity, situational awareness, force protection and risk management.

The solution includes global incident monitoring by iMapData’s trained analysts in a 24/7 Risk Assessment Center, as well as complete mobile communications.

Visit www.imapdata.com for more information.

Download this case study as a PDF.

The post Case Study: iMapData appeared first on .

In our last post, we took a closer look at EigenCentrality and Page Rank – two of the great new features in KeyLines 2.11.

This time we look at another exciting new way to understand your connected data: Clustering!

A KeyLines visualization showing community structures in company ownership data. Here, we have complemented the clustering algorithm with KeyLines’ lens layout, producing a circular presentation.

Currently in beta, the clustering function can be used to identify communities in your networks. It has been carefully optimized to balance speed and quality, providing insight into potential community structures.

Let’s take a closer look…

What is clustering?

To understand clustering, we need to understand a network (or ‘graph’) concept called modularity.

Modularity is a way to measure how readily a network can be divided into sub-networks, which we call modules. A high modularity score means there are tightly connected modules, with relatively few links connecting the modules together. A low modularity score indicates the opposite – or a relatively even distribution of links between nodes in the network.

How do we calculate modularity?

In KeyLines, we calculate network modularity as the fraction of the links whose ends fall inside a group, minus the expected fraction if links were distributed at random. This gives us a score between 0 and 1.

For example, if we imagine a network with 100 nodes and 200 links. If one cluster has 25 nodes and 100 links – i.e. a quarter of the nodes, but half of the links – the modularity would be ½ -¼ = ¼.

Our clustering algorithm works by finding network partitions that will minimize the modularity score. At the beginning of the algorithm, it takes each node as a cluster. We then run through every permutation by moving nodes into clusters, keeping the configuration if the modularity score increases.

The result is ‘optimal’ partitions for different numbers of modules:

Here we are steadily increasing the number of modules. With each change we see smaller clusters, but more of them. The ‘cluster factor’ can be adjusted by the user, giving them a simple way to explore network modularity.

Note: This works for both connected and disconnected graphs, and can also take link weightings into account.

Why is it useful?

Uncovering and understanding communities is a great way of gaining network insight.

Some useful use cases include:

• Cyber security – studying clusters can help you to model how something can move through a network. For example, malicious software will propagate more quickly through a dense community, compared to a sparse one.
• Security – law enforcement and security agencies often need to extrapolate insight about organizational structures from complex communications meta-data. Clustering algorithms make it much easier to find communities and start learning more about the organizations being investigated.
• Anti-fraud – inevitably, organized gangs perform the most damaging and costly fraud. By looking at clusters of fraudulent activity, investigators can find and shut down fraud rings.

Want to try it for yourself?                    

Of course, these three use cases are just a tiny fraction of the potential ways clustering can help you find insight in your complex connected data.

Why not try KeyLines clustering capabilities for yourself?

Try KeyLines!

The post KeyLines Network Clustering appeared first on .

Cyber intelligence data is big, complex and varied. Graph visualization is fast becoming a ‘must-have’ technology tool for organizations serious about cyber threats.

We caught up with Raymon van der Velde, Co-Founder and VP Product at EclecticIQ – an award-winning pioneer of graph-based cyber security tools – to learn more about what they are doing.

Hi Raymon, thanks for joining us! Let’s start with an introduction to EclecticIQ – what is it you do?

Hi Andrew. At EclecticIQ we enable the cyber threat analysts in large organizations to truly harness the power of cyber threat intelligence.

Our platform does that by digesting large amounts of data and presenting it back to the analyst in a way that helps them align their cyber defenses with the threat reality.

The EclecticIQ platform uses a graph-based interface to provide analysts with a clear window to cyber intelligence. This screenshot shows cyber intelligence in the STIX/TAXII taxonomy

That’s an interesting mission. Is the platform for enterprises?

We are working primarily with large, mature organizations with critical infrastructure to protect. So that’s large enterprises – predominantly financial institutions – and governments.

Those kinds of organizations are rapidly developing their threat intelligence practices. Their analysts need to constantly survey the threat landscape and unpick vast amounts of data to see what’s going on. That’s where graph-based solutions are needed most.

We have had interest from other groups as well – especially SOCs (Security Operations Centers), CERTs (Computer Emergency Response Teams) and Fraud and Risk groups – but it’s primarily those large organizations with cyber threat analysts who most urgently need this kind of solution.

There are a lot of cyber start-ups out there. Why is EclecticIQ unique?

We have some great competition out there, there’s no doubt.

Where most Platforms have a focus on ingestion and sharing, we’ve added an Analytical toolkit, using a graph based approach to exploring and understanding cyber intel data. And because Cyber Threat Intelligence is a capability and not just a tool, we empower the users with Workflow and Process features, making it a true Enterprise Platform.

Manual discovery of STIX / TAXII data

Presumably that analytical functionality helps analysts to understand and prioritize threats. Is that where KeyLines plays a role?

Absolutely. Where KeyLines plays a role for us is in providing a full graph view of the data.

In the past, analysts were not able to have that complete view. They would have different data stores and use really labor-intensive methods to try and correlate it and glean some insight.

It was time-consuming and never gave them the opportunity to explore and expand, which the graph does.

Is that the value the analysts are getting? The ability to join these disparate data sources together, and explore the full graph and find the key insight?

Yes. The advantage of a KeyLines graph is the freedom it provides the user. These cyber analysts are working with the unknowns, and the unknown unknowns.

Only humans are equipped with the analytical and creative skills required to make sense of this information. We can harness the human brain’s pattern recognition capability, but we need to first find a way of interacting with the data.

KeyLines offers that: it gives analysts a way to ‘walk’ the graph. It empowers them to make sense of the data, and it does it in a very efficient way.

Graph visualization is relatively new within threat intelligence, but it is slowly becoming the ‘go to’ tool within the sector as people see its power and value.

Workspaces for collaborative data analysis and discovery

You mentioned these analysts are sometimes looking for unknown unknowns. What are the specific challenges of working with cyber threat intelligence data?

You’re right: we’re working with cyber threat intelligence. Of course, it’s a very hot topic with a cool name, but ‘threat intelligence’ means different things to different people.

Cyber threat intelligence can be anything from a list of IP address in an Excel file to a PDF to file hashes, and anything in between.

What ties it all together is that this data is big, complex and varied.

Intelligence is evidence-based knowledge about threats. Our task is to guide the user into taking decisions and taking a response. We need to present them with the intelligence – whether it’s technical information about the tools and technology an adversary uses – or contextual intelligence about an actor’s motivations or different campaigns.

The graph is the ideal way to present information of this scale, complexity and variety in a way that’s easy for a user to manage.

How was your experience with KeyLines?

Whenever you work with a technology, there are two very important aspects: first is the quality of the product, second is the support.

With KeyLines, both of those have been excellent.

The product is superb and our engineers have found the support to be very flexible and responsive. The experience has been top notch.

Yes, I’ve noticed on your website you discuss ‘empowering’ the analysts with the graph. What has the initial user feedback been like?

Everyone we have worked with, both beta customers and our initial customers – have been very positive about the graph. I guess our job now is to build on that success and provide more features within the graph.

I know we are very enthusiastic about the possibilities the graph offers. There’s an urge to start adding on features – well, I think it’s important to guide the users with the right features to help them do their job.

What are your plans for the future?

One thing we are working on currently, soon to go into beta. It will give those analysts insight into how they are managing their threats, but I can’t say too much right now! Your readers will have to follow our Twitter account to find out more…

The post Graphs and Cyber Security Intelligence appeared first on .

We’re excited to announce KeyLines 3.4 – the latest version of our network visualization toolkit. It includes new features and improvements that will accelerate the developer and analyst experience.

Introducing Donuts

Graphs are great for quickly getting a sense of network structure, but sometimes you need to convey data values quickly too. KeyLines new donuts feature allows you to display relative data values as node borders:

These colorful new additions provide a great ‘at a glance’ understanding of data volumes, without overloading the chart with glyphs or labels.

Donuts are entirely customizable – you can select how many segments you want, choose color palettes, set segment and border widths, add tooltips and more.

TypeScript Support

We know many of you use TypeScript code, so we’ve added support for this. It means you can take advantage of key features including strong typing, context sensitive documentation and IntelliSense.

KeyLines now comes with detailed type definitions that you can include in your TypeScript project which makes coding in TypeScript much easier.

See the SDK documentation for full detail.

Angular Support

We’re pleased to announce support for the latest Angular platform with our Angular component.

Angular is the official name of the latest web application platform from the team that built AngularJS 1.x. The two platforms are not the same – Angular is a complete rewrite of AngularJS.

You’ll find a new demo in the KeyLines SDK to help you get started.

IBM Graph

KeyLines has been designed to work with the widest range of different data sources, from your oldest relational database to the latest graph store. Our SDK site features working examples of the most popular options, now including IBM Graph – a fully-hosted graph database.

Read more about IBM Graph & KeyLines

Quicker Quick Start

We’ve used your feedback to improve our Quick Start guide, designed to get you running in just a few minutes. We’ve also simplified and clarified our documentation throughout the SDK site.

New demos, enhancements and bug fixes

We’ve also incorporated a number of new demos, improved demos, feature enhancements and bug fixes. Find the full list for your edition on the KeyLines SDK site.

Want to see what’s coming next?

We’re hosting our next online Developer Forum tomorrow. This is only open to current KeyLines customers and evaluators, and happens just twice per year.

You should have received an invite last week – contact your Account Manager if not. We hope to see you there!

Ready to try?

Apply for a free KeyLines trial account

The post KeyLines 3.4: Donuts have arrived appeared first on Cambridge Intelligence.

In KeyLines 3.4, we responded to customer requests and included the ability to add donuts to nodes. Donuts are circular node borders divided into segments that add up to 360 degrees. They work just like pie charts and allow you to show nodes values as numeric proportions.

To help make sure your KeyLines visualizations are as clear and effective as possible, here’s a list of ‘Dos’ and ‘Don’ts’ when using donuts.

Do consider how much data you need to display

Donuts, like pie charts, work best when there are five segments or fewer. Crowding a single donut with more than 10 or 12 segments is likely to make your KeyLines chart confusing. Identify the 3 or 4 largest segments, and then group the remaining values together into a generic category. This helps your users focus on what’s important.

If you want to display details or a breakdown of what’s in each category, add tooltips to the hover event on each segment.

Do choose colors carefully

Color plays a big part in how humans interpret data. Donuts in KeyLines come with a default set of colors, but you can choose your own. If you do, follow these simple tips:

• Keep colors consistent across nodes. The same category should be the same color throughout your KeyLines chart.
• Use brand colors if your data shows brands. Users are familiar with certain colors for brands (Facebook, Twitter, etc.) so use them to speed up the user’s understanding.
• Consider accessibility. Some users find it hard to differentiate between certain colors, so consider an alternative color scheme that these users can choose. It’s a good idea to choose distinct colors that are not too similar for donut charts. Using a color palette tool can help.

How to select colors for data visualization.

Do think about adding a legend

Will users be able to understand your color scheme? A legend next to the KeyLines chart may help users grasp what you’re trying to communicate.

Do consider the order of your data in a donut

KeyLines always starts the first segment at the 12 o’clock position. When viewing a single donut, it’s best to represent the largest amount of data in the first segment, then display the other segments from second largest to smallest clockwise around the node.

However, if you are using donuts to make comparisons between different nodes, it may be better to keep the colour order consistent. Which ever option you choose, make it consistent across your graph.

Don’t bombard users with donuts

Showing a donut on every node in your chart might make it difficult to interpret. Instead, you could display an animated donut when you hover or select a node.

Don’t use donuts for absolute comparisons or non-relative data

Donuts are designed to display proportional data only. If you want to communicate other types of data, use a different feature, such as tooltips. Similarly, donuts aren’t good at comparing absolute quantities between nodes. Consider using glyphs for this instead.

We hope that these tips are useful and that you can use the donuts feature to create some beautiful and informative KeyLines visualizations!

The post Using donut nodes: Some best practice advice appeared first on Cambridge Intelligence.

In 2016, IBM arrived on the graph scene. In this blog post, we’ll take a closer look at IBM Graph, how it works and why it’s a great pairing for your KeyLines graph visualization applications.

Introducing IBM Graph

KeyLines is a database-agnostic technology, designed to visualize data from virtually any source. On our SDK site, you’ll find examples of how to hook KeyLines up to your preferred database.

Our newest integration, released as part of KeyLines v3.4, is with IBM Graph.

According to the team behind the technology, IBM Graph is “the world’s first enterprise-grade distributed property graph database-as-a-service”. Let’s break down that statement:

• Enterprise grade: as data is generated and collated at ever-increasing rates, both scale and complexity become a real challenge. IBM Graph scales with your data, from small to huge datasets, as your business needs change.

• Distributed: IBM Graph can spread the heavy lifting across many servers and machines, so performance scales too.

• Property graph database: if you’re new to graph databases, they’re a type of NoSQL database optimized for highly-complex and interconnected data. More about graph databases.

• As-a-service: this is a big differentiator for IBM Graph. Other graph databases need a locally-hosted or self-managed instance. IBM Graph is fully managed by IBM’s team of database experts. so you’re free to focus on the rest of your application stack.

Under the hood, IBM Graph uses the Titan graph database, so it makes the same claims about distributed setup and performance. But by making Titan available as a cloud service, IBM’s developers aim to make it easier to use graphs in the enterprise.

The Titan origins also mean integration with KeyLines is simple and painless.

Let’s take a closer look.

Why visualize IBM Graph with KeyLines?

If you’re working with big and densely-connected data, you need tools that can handle scale and complexity.

A KeyLines-powered graph visualization component provides an interactive, intuitive and powerful way for end users to explore and understand graph data. It offers:

1. Unrivalled performance – it combines HTML5 Canvas and WebGL renderers with carefully optimized graph analysis algorithms. KeyLines can handle charts with hundreds of thousands of elements, without compromising on interaction.

2. Powerful functionality – we’ve created a rich API of graph visualization functionality, including layouts, filtering, temporal and geospatial analysis.

3. Simple integration – connect KeyLines to your IBM Graph instance in just a few easy steps…

Hooking KeyLines up to IBM Graph

Log into the KeyLines SDK (request a trial account here if you’re not already a user) and find the new IBM Graph demo:

It uses information from a database of movies and actors. Double-click nodes to expand connections:

Use the controls on the right hand side to run KeyLines’ automated layouts and inspect the Gremlin queries raised.

Here’s how it works behind the scenes:

On the left, we have everything that’s happening client-side (in the browser). On the right, we have everything happening server-side.

As users interact with KeyLines in the browser, their actions raise AJAX Requests. These requests get passed to IBM Graph’s Gremlin endpoint.

There are four simple steps to get KeyLines working with your own IBM Graph data:

1. Set up your IBM Graph instance – you’ll start this process using the IBM Bluemix catalog, which gives you the credentials you’ll need later on.

2. Load your graph – we recommend using the Gremlin endpoint for this.

3. Create a local server – as IBM Graph is a hosted service, we’ll need a local service to proxy requests to and from our endpoints.

4. Load your data into KeyLines – by creating some code that converts your KeyLines interactions into Gremlin queries, and loads your data into the chart.

And that’s it! Your IBM Graph database should work seamlessly with your KeyLines chart.

Ready to try it yourself?

Our new Getting Started guide provides step-by-step instructions, with code snippets, to help you through your IBM Graph/KeyLines integration process.

Download the Getting Started Guide!

The post Visualizing IBM Graph with KeyLines appeared first on Cambridge Intelligence.

We’re proud sponsors of the biggest and best graph event this side of the Atlantic: GraphConnect Europe in London on May 11th.

Now in its 5th year, GraphConnect is a must for anyone interested in graph databases and their real-world applications. Among the experts sharing their experience this year will be representatives from Airbnb, Deutsche Bahn and Capgemini.

Graph databases and visualization go hand-in-hand, so fans of visual analysis can expect a day of useful talks. Our partners IntelligentTag will take to the stage at 3.50pm to show how they’ve helped optimize California’s largest casino floor with Neo4j and KeyLines.

You can also catch KeyLines on the Lightning Talk track. Product Manager Dan Williams gives a 10-minute intro to graph visualization at 11.30am.

The KeyLines team are available throughout the day at our demo table. Stop by to say hello and enter our contest to win a copy of Visualizing Graph Data by Corey Lanum.

Join the webinar

In the build up to GraphConnect, we’ll present a webinar with the Neo4j team.

Christian Miles, will show how you can combine KeyLines and the Neo4j graph database to improve performance and power vital analysis of Law Enforcement data.

Register for the webinar

Get a discount for GraphConnect Europe

If you’d like to join GraphConnect Europe, you’re welcome to use our discount code. Just enter ‘CAMBRIDGE30′ at the checkout for 30% off the ticket price.

Register for GraphConnect

The post See you at GraphConnect! appeared first on Cambridge Intelligence.

Over the years we’ve worked closely with thousands of JavaScript developers. During that time, there has been a notable shift in they way code is written, with the rise of the JavaScript framework.

These frameworks have made writing good code easier, giving developers the freedom to build complex web applications without worrying about code structure or maintenance overhead. KeyLines is compatible with lots of different frameworks, and you’re free to choose whichever you prefer, but Angular is more popular than most so we’ve given it a little extra attention.

In this blog post, we’ll run through the different Angular examples we’ve created for KeyLines, and how you can get started with them.

A clarification of naming…

Before we get started, we should explain how Angular’s versioning works.

The original Angular framework was AngularJS. This is sometimes called Angular 1, or Angular 1.x.

In September 2016, the Angular team released the next iteration of their framework. It’s simply known as Angular, or the Angular Component, but often informally called Angular 2. It is a complete re-write with fundamental and breaking changes throughout the framework.

For added confusion, the latest version of Angular is version 4.0. The team decided to skip v3 to align versioning among their own different packages. v4 is backwards compatible to v2.

KeyLines with AngularJS (v1.x)

We spent quite some time working with our customers on a KeyLines directive for the original AngularJS. A production-ready version of this was included in KeyLines 3.0 back in March 2016.

It’s compatible with all AngularJS versions from v1.3.x and later and is showcased in two separate demos. These can be downloaded from the KeyLines SDK site, to run locally and start as a jumping-off point for your own projects:

There are three simple steps for getting started with our AngularJS directive.

Nb. You can use either $scope or ‘controllerAs’ syntax, and incorporate more than one component in a single page. For simplicity, our examples here use $scope and have just one component, but full examples can be found on the KeyLines SDK site.

Step 1 – declare your component

<kl-component
  id='kl' style='width:744px; height:430px;'
  kl-type='chart'
  kl-ready='klReady'>
</kl-component>

Step 2 – use the KeyLines API inside your component

Add the KeyLines directive:

  angular.module('myApp', ['ngKeylines']);

And listen to the ‘kl-ready’ event in your controller:

$scope.klReady = function (component) {
  $scope.chart = component;
  // You are ready to use the API as you want!
}

Step 3 – bind KeyLines events

In your HTML:

<kl-component
  id='kl' kl-type='chart'
  kl-delete='onDelete'
  kl-hover='onHover'>
</kl-component>

In your controller:

$scope.onDelete = function () {
  console.log('Chart delete event triggered!');
  return true; // Override the default behaviour
}
$scope.onHover = function (id, x, y, sub) {
  console.log('Chart hover event triggered!');
}

And you’re good to go!

If you’d like to see more about our AngularJS integration, request a trial of the KeyLines SDK.

KeyLines with Angular (v2.x)

The changes in this updated version of Angular were so dramatic that almost immediately after its launch we started getting requests for a new version of the AngularJS directive. Our latest release, KeyLines 3.4, included a new integration and two extra demos to kick-start your projects.

Also in KeyLines 3.4 was support for TypeScript – a typed superset of JavaScript that compiles to regular JavaScript – in which Angular is written. The combination of Angular and TypeScript is powerful, and getting started is easy.

Compared with AngularJS, the getting started process for Angular with KeyLines should be familiar. The biggest change here is caused by the removal of both $scope and ‘controllerAs’, which were demoted in favor of components in the latest iteration of the framework.

Step 1 – declare your component

<kl-components>
  <!-- chart -->
  <kl-component id='kl' klType='chart' (klReady)='klChartReady($event)'></kl-component>
</kl-components>

Step 2 – Use the KeyLines API inside your component

Listen to the ‘klReady’ event in your component.

public chart: KeyLines.Chart;
klChartReady(chart: KeyLines.Chart) {
  this.chart = chart;
  // You are ready to use the API as you want!
}

Step 3 – Bind KeyLines events

In your template, use:

<kl-components>
  <!-- chart -->
  <kl-component id='kl' klType='chart' (klEvents)='klChartEvents($event)'></kl-component>
</kl-components>

In your component, use:

// will receive events for the chart
klChartEvents(event: any) {
  if (event.name === 'hover') {
    console.log('Chart hover event triggered: ', event.args);
  }
  else if (event.name === 'delete') {
    console.log('Chart delete event triggered: ', event.args);
    event.preventDefault = true; // Override the default behaviour
  }
}

Our aim with both of these integrations is to make it easy for KeyLines developers to harness the advantages of the Angular framework and build better apps more efficiently.

As always, we’re keen to get your feedback on any aspect of the toolkit. Get in touch with your comments or suggestions.

Alternatively, if you’ve been inspired to try KeyLines for yourself, request a free trial account.

The post Building a KeyLines application with Angular & AngularJS appeared first on Cambridge Intelligence.

Graph visualization is a vital component of any cyber security strategy. Without it, analysts struggle to uncover insight from complex logs, which limits their investigative powers and leaves systems vulnerable.

In this blog post, we’ll use a dataset related to ransomware to show how a KeyLines graph data visualization tool simplifies complex information, and makes post-attack forensics interactive, intuitive and insightful.

Spotting patterns in Ransomware attacks

Ransomware is a kind of malware, designed to hold computer files hostage to extort money. It’s usually hidden inside a Trojan – a file disguised as something harmless – which triggers the malware download. The malicious software encrypts the victim’s data and demands money in exchange for the decryption key.

Criminals can make hundreds of millions of dollars from sophisticated attack software. Shutting them down is a cat-and-mouse game involving law enforcement agencies and ISPs.

Our dataset and data model

The Ransomware Tracker, run by abuse.ch, maintains a list of over 6000 domain names, IP addresses and URLs associated with ransomware. It’s an excellent resource for anyone interested in cybercrime infrastructure. You can download the entire dataset in a CSV format, and then convert it into a KeyLines JSON object.

Each ransomware attacker uses a unique combination of vectors to infect the victim’s machines – email attachments, exploit kits, malvertising – but the malware itself is always delivered via a server and host.

Here’s our basic data model:

• An IP node represents a server, with a glyph showing its geographic location
• An @ node represents a host, with the glyph showing if it is active or inactive
• The link is color-coded by ransomware family

There are three ransomware families in our data: Crytowall, TeslaCrypt and Locky.

Combining Time Bar, Combos and Filtering

KeyLines is a JavaScript software development kit (SDK) for building your own graph visualization applications. There are plenty of demos and step-by-step guides to get you started, showcasing individual bits of functionality through to full sample applications.

One popular design pattern is to combine the Time Bar with Combos and Filtering. These three together form a powerful tool to quickly simplify large and complex data.

Understand network structure with layouts

The initial load of our data (using KeyLines’ standard layout) at first seems a little unremarkable:

But running the structural layout to group nodes according to their structural similarity, reveals some anomalies:

There’s a number of unusual structures on the left hand side, with green links indicating Locky. When we zoom in, we can see multiple hosts running from single servers in various countries. These rogue servers would be prime targets for ISP shutdown:

Remove clutter with combos

We can also use KeyLines’ combos feature to group nodes with shared properties:

This view reveals what’s happening on a macro level. We can see the relative volumes of attacks in our dataset by malware family, and the countries affected.

In just a few clicks, we’ve transformed hundreds of rows of data into a comprehensive network visualization. Here’s what happens when we uncombine the country nodes:

See temporal patterns with the time bar

Next we’ll add a time bar so we can see when events occurred. We can see that Locky becomes active around February 16, 2016, which is also the day that around 500,000 machines were infected in a single attack.

The first known attack in our dataset was 6am that day, from a Maldovan server:

Isolate anomalies with filters

Finally, let’s look at filters. The KeyLines API makes it easy to apply filters based on any logic you want. We’ve opted for malware family, so we can see the geographic structures of different ransomware:

Try it for yourself

This is a simplified example of how KeyLines’ powerful visualization capability can help us explore and understand large volumes of complex connected data. With layouts, combos, the time bar and filtering, analysts can quickly understand and unravel complicated scenarios.

To try this demo for yourself, register for a free trial of the KeyLines toolkit or get in touch.

The post Making sense of Cyber threats with graph technologies appeared first on Cambridge Intelligence.

Great news – KeyLines has been shortlisted for ‘Innovative Product of the Year’ at the 2017 Cyber Security Awards. A panel of industry experts judged KeyLines to be unique, innovative and beneficial to the cyber market.

The Cyber Security Awards reward the best individuals, teams and companies within the cyber security industry. Previous winners include Nuix, Data Barracks and DarkTrace. We’ll join other leading cyber security companies at the awards ceremony later this summer.

Cyber security vendors around the world already use KeyLines to build the interactive, and insightful network visualization applications their users need.

Understanding cyber threats is often a case of understanding data that contains connections between devices, people and events. KeyLines helps users unify, clarify and explore those connections. It helps users make better decisions, faster.

One of the judges, Karla Jobling said, “there were more applicants this year than ever before and to be selected as a finalist is a great achievement. The Cyber Security Awards really focus on success and innovation, and we look for those who have passion, for what they are achieving within Cyber Security.”

Learn more about KeyLines and Cyber Security

Visit the Cyber Security Awards website.

The post KeyLines shortlisted for Cyber Security Award appeared first on Cambridge Intelligence.

Our favorite bits of the SDK that don’t get enough attention

The KeyLines software development kit (SDK) is a uniquely powerful bit of technology. In just a few lines of JavaScript code, developers turn dense data files into interactive network charts.

The KeyLines API Reference features over a hundred functions, objects and events. While this gives you ultimate flexibility to build tools, it’s easy to overlook useful functions in such a comprehensive library.

Let’s look at a few of KeyLines’ lesser-used functions that you might have missed. Enjoy!

chart.createLink

Visualizing networks can lead users to uncover connections that were previously unknown. For example, an investigator visualizing a fraud ring might be looking for connections between people. They can only understand those connections when they look at a broader network of attributes, like addresses or vehicles.

In scenarios like these, createLink lets end users draw new links in their chart.

It’s a pretty simple function that just needs the new link ID and the ID of the original node. You’ll also need to define the style of the new link. If you bind it to ‘hover’ and ‘mousedown’ events, you can build a drag-and-drop interface:

To get this working, first bind events to a function:

chart.bind('hover', addPlusIcon);
chart.bind('mousedown', startLinkCreation);

Then write code that uses createLink and adds ‘+’ glyphs so users know where to draw the link from:

// LINK CREATION CODE
function startLinkCreation(id, x, y, button, sub){
  // if the node has the plus icon on the top-right corner...
  if(sub === 'ne'){
    idCounter++;
    createLink(id, idCounter);
  // remember to return TRUE in this case to prevent default behaviour
    return true;
  }
  // otherwise just drag the node...
}
function createLink(nodeId, newLinkId){

Finally, define the style of our new link. We’ll keep it simple:

  // Define the style of the new link
  var newLinkStyle = {
    c: 'rgb(255, 127, 127)',
    t: 'New Link',
    w: 5,
    a2: true // link directed to the new node
  };
  // create the link and remove the + icon at the end in any case
  chart.createLink(nodeId, newLinkId, {style: newLinkStyle}, removePlusIcon);
  }

To download the full source code, go to the Add Items demo on the SDK site.

chart.setProperties with RegEx

setProperties is one of the most flexible and powerful functions in the SDK. To change the properties of many items at once, you simply need to pass their IDs (as an item or array) in this format:

chart.setProperties({id: id, propertyName1: value1, propertyName2: value2 });

But what many developers don’t realise is that if you specify that useRegEx = true, passed IDs are treated as regular expressions.

For example, in our Analyze Email Traffic demo, we use two ID formats for the nodes:

• A department name, such as “Admin”, “Sales”, etc.
• An external domain, such as “example.com”

In this case, we can use a RegEx expression to find only the department nodes and highlight them red:

Or domains which don’t end in “.com”:

If you think carefully about your ID strategy, you can use this as a powerful way to help users navigate their networks.

chart.lock

One of the many advantages of KeyLines charts is that they’re highly interactive. But what if you need to stop your users from interacting with them? That’s where chart.lock comes in.

For example, you might lock your chart while new data loads from your database. There will always be a slight delay as KeyLines waits for a response, and you may prefer to block user actions during this time.

It’s a simple function to use:

lock(val, options)

Val is a boolean (true/false) and for the options you can use {wait: true} to show the wait icon when the chart is locked:

Deactivating your chart for the few seconds it takes to load helps users stay in control of their progress, and reduces the likelihood of errors.

chart.serialize

The chart.serialize function returns a complete serialization of the current chart format. Together with chart.load, it lets you build features that let your users save, load and share charts, as well as undo and redo.

Our Save & Load Charts demo shows a sample implementation of chart.serialize. It uses a JavaScript object, but you could use a real database if you want to store chart versions on the back end.

A handy use of chart.serialize is to create undo/redo stacks, as we showcase in our our Add Undo/Redo demo. All we’re doing here is serializing the chart state after a user action, and adding it to an unlimited stack.

Here’s what happens when the user clicks the ‘undo’ button:

$('#undo').click(function () {
     redoStack.push(chart.serialize());
     chart.load(undoStack.pop(), refreshUI);
 });
 <pre class="prettyprint prettyprinted" style="margin-bottom: 22px;">

<p>And ‘redo’:</p>

<pre class="prettyprint prettyprinted" style="margin-bottom: 22px;">
 $('#redo').click(function () {
     undoStack.push(chart.serialize());
     chart.load(redoStack.pop(), refreshUI);
 });

It’s a convenient, and reassuring, addition for users.

graph.clusters

We’ve written about this function before, but would love to see more of you using it. As the name suggests, graph.clusters help identify clusters, or communities, in your network. It does this by calculating which partitions give the lowest modularity score.

There are a few options you can pass to tweak the clustering behavior:

• Value - assigns links a weighted value, which affects the modularity score, and therefore cluster size.
• Factor - a number between 0-10 that defines how large your clusters should be.
• Consistent - set to true for the same clusters each time you run the function, or false for different results each time.
• All - lets you decide whether to run clusters on all nodes, including hidden ones.

The best place to see clusters in action is our Use Clusters demo. In includes helpful UX ideas, like sliders and using colors to differentiate clusters.

Try it yourself

I hope this post has given you some ideas for improving your KeyLines applications! If you’re not already a KeyLines developer, why not give it a try?

Register for a free evaluation account of the KeyLines SDK.

Register now

The post 5 KeyLines functions you might have missed appeared first on Cambridge Intelligence.

More great news! We’ve been placed 15th in the Disrupt 100 – the annual index that showcases innovative companies with the potential to change the world.

Disrupt 100 celebrates companies that are set to influence, change or create new global markets. Every continent is represented, and sectors range from AI to agriculture. It’s judged by industry experts and entrepreneurs from giants including Uber, Google and Microsoft.

Kieran Harte, one of the judges from Uber, said the index aims to uncover the “household names of the future […] to recognize and learn from how they’re innovating.” Matt Connolly, Founder of Disrupt 100, said “the quality of the 100 included in this year’s list is higher than ever. Each company featured is doing something truly unique and we’re excited to follow what they do next.”

The news comes just weeks after KeyLines was shortlisted for Innovative Product of the Year at the Cyber Security Awards.

We’d like to thank Tällt Ventures, the data intelligence and innovation company, who organize Disrupt 100. For the full list, visit Disrupt 100 website.

The post We’ve been named a leading global innovator appeared first on Cambridge Intelligence.