Documents
TWO FACE on GCHQ Wiki
Feb. 22, 2017
TOP SECRET COMINT
TWO FACE
From GCWiki
Logon to PALANTIR OPERATIONAL
Logon to PALANTIR REF
Vision
"To Drive forwards the mission for effective Analysis and Knowledge use for Cyber Defence by providing more efficient complex
analysis and sharing of knowledge
Targets
Next Deliveries will be:
1. Automation of XKS importer
2. Improve flexible importing of data
3. Improved QFD Helpers (in no order): AutoAssoc / Social Anthropoid / Infinite Monkeys / Karma Police.
4. Improve UI performance and look and feel
5 Eyes Collaboration
CD Target DSD Palantir
DSD-GCHQ Palantir Tests
SE diagram of the GCHQ - DSD Palantir Link up
Cyber Defence Targeting
Documents
See Palantir Documents or Online Instance
How to Guides ...
These are now starting to be generated so ideas are gratefully received.
1. Getting started
   1. How do I...Get Started in Palantir
   2. How do I...Use the different entities in Palantir
   3. How do I...Get the accounts I need and set up a development environment (DISCOVER link)
2. Importing X-KEYSCORE into Palantir
   1. How do I...Get Data from XKS in Palantir
   2. How do I...Select an XKS profile for importing my data
   3. How do I...Start an XKS search from Palantir
   4. How do I...Find which end is the server in Palantir NEW
3. Working with data from QFDs
   1. How do I...Run Sam Pepys queries in Palantir
   2. How do I...Run HrMap queries in Palantir
   3. How do I...Run Mutant Broth queries in Palantir
   4. How do I...Associate Mutant Broth Presence Events with HRMap Request events in Palantir
4. Working with the Graph view
   1. How do I...See an auto preview of a document or object properties? NEW
   2. How do I...Label objects with additional Properties using Bulk Object Editor NEW
   3. How do I...View lists of objects NEW
   4. How do I...View lists of objects with a given type or Property IN PROGRESS
   5. How do I...Change object type NEW
   6. How do I...Work with large groups in Palantir
   7. How do I...Rapidly find specific Properties in the Histogram IN PROGRESS
5. Publishing Data
   1. How do I...Publish in Palantir NEW
6. Find and view data within Palantir
   1. How do I...Find the Signatures in Palantir
   2. How do I...Use RT Tickets In Palantir
   3. How do I...Use the Histogram to filter events in Palantir
   4. How do I...Get a different view on existing events data in Palantir
   5. How do I...Rapidly view large numbers of events in the Browser NEW
7. Searching
   1. How do I...Run a bulk search
8. Miscellaneous
   1. How do I...Run bulk operations over my objects in Palantir
   2. How do I...Copy data from Palantir into Excel or Word NEW
Overview
This page details the datasources currently available within Palantir as well as other sources of data that are currently in development or
planned. For current integration status, see the RTC project for TO120/144.
Note that this page lists sources of data rather than helpers. For example, GEOFUSION, HACIENDA and FOXTRAIL are all accessible through
the same helper within Palantir.
Current datasources
Datasource
CROUCHING SQUIRREL
HALTER HITCH
GEOFUSION
HACIENDA
FOXTRAIL
Import method
Under development?
Deployed to PIT?
Deployed to OP?
Auto-resync
No
No
Yes
Auto-resync
Analyst-driven helper
Analyst-driven helper
Analyst-driven helper
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
GORDIAN KNOT
Analyst-driven helper
No
No
No
XKEYSCORE
SAMUEL PEPYS
MUGSHOT
RAPID TAPIR
NTOC reports
FIVE ALIVE
GOOGLE FUSION
Analyst-driven helper
Analyst-driven helper
Analyst-driven helper
Analyst-driven helper
Manual import by analysts
Analyst-driven helper
Tiles for map application
Analyst driven external webpage
No
No
Yes
Yes
Yes
No
No
Yes
Yes
No
No
Yes
No
Yes
Yes
Yes
No
No
Yes
Yes
Yes
Yes
Yes
No
Auto-Resync
No
Yes
Yes
Analyst-driven helper
Analyst-driven helper
Auto-resync
Analyst-driven helper
Tiles for map application
Yes
Yes
Yes
Yes
No
Yes
No
No
No
Yes
Yes
Yes
No
No
Yes
TO144-Notepit
Open source malware info
INTEGER SPIN
HRMAP
NDIST RT
MUTANT BROTH
OpenStreetMap
Notes
GK Broke their PKI somehow; requires investigation
Deployment awaiting data owner OK
Automation to be investigated
Too highly classified for PIT
Too highly classified for PIT
Too highly classified for PIT
Planned datasources
Datasource: Notes
DEAD SEA: API needs investigation
MOONRAKER/OBERON: Raptorable datasource
Open source data: TO144 open source data. Some integration work done.
8ball: Analytic value needs investigation. Some initial scripts written, not deployed anywhere
Global Surge: Highly nocon. Something to pass across to in TDB?
DISCOVER: Lots of politics required
Oberon: Required for EPR. Needs further discussion with legal/policy
Project Details
Ontology
[1]
Contacts
Senior User:
SE Lead:
PM:
Data Owner:
Business Change:
Training
Training is currently offered as 1-2-1 desk based training with a Palantir trainer. This gives you the opportunity to quickly apply Palantir to your
current work task. If you would like to find out more about training please contact?
Task
As part of the Cyber Defence Theme, the strand that was searching for a Knowledge Storage tool. The results of the first part of this strand will
be published shortly. As part of this process we determined that we really needed a bit of a kick forward in the technology we use. It was
decided to trial to see what this could do for the business, and more specifically the Cyber Defence Mission. There is part of this strand
to understand the gaps in our toolset. (more information here next week)
This page will develop fairly rapidly as we understand how we use the tool. Ontology comes first! (hence it takes up most of this page)
User Base
The User base is specifically for CD0 and CDL. The Ontology, the data sources, the focus is purely for the Cyber Defence/Network Defence
remit. The operationally used version will be locked via PKI to these individuals. However, the development section will have a wider
audience. There will be access for people wider than NDIST to help build the understanding throughout the organisation.
Logon
Logon site is:
Ontology
Needs more Or a link.
Requests and new requirements
Please email for any new requests or requirements. Also worth contacting the Palantir SU to
explain the context and importance of request.
Present Ontology
So as many of the now can access the tool themselves, removing the duplication of having the ontology on the wiki.
Quick Questions
This is a quick set of notes on things I get asked a lot:
Is there an IM channel for us to chat informally? yes
There is a related to this topic:
palantir - palantir-gchq User informal chat)
Are people outside NDIST going to get Palantir?
That's a question being answered by Transforming Analysis' project. However, we're helping them by providing access to our