Answering Big Questions With New Entity Types
December 18, 2013 • Chris
After recently announcing new Enterprise alerts, we’re back to introduce “entity type” queries for answering challenging web intelligence questions that cut across hundreds of thousands of entities at a time.
How would you go about identifying all of the people related to a particular subject or all of the companies reportedly affected by an APT or the group of cities where protests are planned for next weekend?
Recorded Future users can now design powerful queries for events involving any entity within an entity type. Categories include people, locations, companies, technologies, malware, and many more.
To get your juices flowing, we’ve come up with a few example questions for which entity types (in italics) are useful:
- What companies have been attacked by a particular threat actor?
- In what cities are disease outbreaks occurring right now?
- What hash values have been mentioned related to a high impact vulnerability?
- Who are the people associated with peace negotiations in Burma?
Querying by entity type is a powerful method for achieving very targeted results as well as filtering out general discussion when you’re seeking particular kinds of relationships and event information.
In each of the examples above, consider what we’ve been able to quickly identify: corporate targets affected by the Syrian Electronic Army; city-level disease reporting without treatment or country-level discussion; technical information about a software vulnerability; and people specifically invested in a peaceful political outcome in Burma.
How Exactly Does This Work?
As we analyze text from the web, entities are identified by linguistic algorithms and tagged with a type. Certain entity types have a parent / child relationship – cities within countries within continents – while others are independent.
Search for events using entity types by opening the advanced query builder, selecting the Involving line, and then choosing from the “Type” categories. You can also simply enter the name of a category in the Involving field. The full list of available entity types is here.
What happens when you search and entity type? If you’re looking broadly for quotations about Products, results could include the iPad, Model S, Xanax, and Internet Explorer all in the same data set. Or ask for Armed Attack events in Karachi that mention a Region (neighborhood level) to only display those references that include the desired granularity of geo-information.