XKS Workflows 2009
Jul. 1 2015 — 9:52 a.m.

SECRET//COMINT//REL TO USA, AUS, CAN, GER, NZL
05 March 2009
DERIVED FROM: [illegible]
DATED: 20070103
DECLASSIFY ON: 20320108

What is a workflow?
Workflows automate queries.
- One-time
- Standing
Every search type can be a workflow.
- Same functionality and capability
Follow on actions
- Email alert
- Download actions
- Metadata summary

[slide title illegible]
Anyone!
One owner per workflow
- Multiple users can be notified
- If ownership needs to be changed, a ticket can be submitted to the team.
Future: sharing workflows
- Right now, only the owner has the results in their "My Results" view.

[slide title illegible]
Workflows can be configured to run once
Workflows can be configured to run daily
- Every [...] hours
- You can set an offset to start running at a certain hour
- Download results
Email results and email alerts
MAILORDER results
- report

Why do I want a workflow?
- XKEYSCORE has a rolling buffer of data
Repetitive queries
- Sigdev purpose
- Fingerprint and appid testing
- Queries take a long time during high times
- Follow on actions
- Google Earth data
- Statistics
- Customizable write a script!

How do
[Screenshot: XKEYSCORE home page. Legible navigation menu entries: My Workflows; Search (Classic, MultiSearch, Common); Category DNI; Document Metadata; Email Addresses; Results (My Recent Results, My Ongoing Results, My Downloads); Statistics; Testing; Tagging. Top bar: Preferences, Help.]

Text legible in the screenshot:

Welcome to the New XKEYSCORE Home Page!
If you have questions or bug reports please go to XKEYSCORE New GUI Forum
To use the old GUI, click here

HUMAN RIGHTS ACT, USSID 18 AND USSID 9
[...] queries require a justification to ensure Human Rights Act (HRA), USSID 18 and USSID 9 compliance. Please enter information as prompted by the query interface. An audit trail has been established and will be searched as part of Menwith Hill Station's response to any complaint brought under HRA and as part of the USSID 18 and USSID 9 process.
Please note that SENSITIVE TARGETING APPROVAL (STA) is required for HRA before submitting any query which includes terms specific to a person or company (e.g. name, address, identity details such as communications address, passport/bank account number) who EITHER is defined as a UK, British Dependent Territory or Second Party "person" or is located [...] Second Party country. [...] is also required for wildcard pulls that are inevitably going to retrieve a substantial proportion of such entities [...] wildcarding on a UK city [...]. Full legal guidance is available from the HRA Compliance Officer at Menwith Hill Station.

How do I setup a workflow?
[Screenshot: Workflow Central Request Wizard, search type step. Buttons: Search Type Help, Cancel, Prev, Next.]
Please select a Search Type.
Full Log
Every session collected, indexed by "standard" DNI meta-data (to/from IP, port, casenotation, application id, sigad, etc).

How do I setup a workflow?
[Screenshot: Workflow Central Request Wizard, Basic Information step. Buttons: Basic Features Help, Cancel, Prev, Next.]
Basic Information
Name: Find_my_appid
Query Justification: Testing appid Signature
Additional Justification:
Miranda Number:
Datetime: [illegible]
Recurring Search / One Time Search
Slide callouts:
- Must be unique per user
- Must have a justification
- Runs once over a set datetime range

How do I setup a workflow?
[Screenshot: Workflow Central Request Wizard, Add Search Fields step. Tabs: Single Field Search, Multiple Field Search. Buttons: Search Value Help, Cancel, Prev, Next.]
Add Search Fields
Search values are [...] by default.
To OR Search Fields:
- Use the Multiple Field Search tab (below the input fields).
- Select all the fields you wish to search.
To OR Search Values:
- Type [...] between each value (no quotes).
See Search Value Help below for more details or for a description of boolean logic go to here.
Search Field: From IP Address or To IP Address. Search Value: 1.2.3.4
Fields listed: Attribute Info, From IP Address, To IP Address, To Port
Slide callouts: [illegible fragments]

Group by option
[Screenshot: Workflow Central Request Wizard, Group Search Fields step. Buttons: Cancel, Prev, Next.]
Group Search Fields
Would you like to group your fields? No / Yes
Group By Type: Table Unique Values, Global Unique Values
Columns to Group By: Datetime, Client ID, Username, Attribute Info, From IP Address, To IP Address, From Port, To Port, From Country (IP), To Country (IP), From City (IP), To City (IP), From Latitude
Slide callouts:
- Group [...] results.
- This option groups each [...] and concatenated.
- Select the fields you want to group by.

Select databases
[Screenshot: Workflow Central Request Wizard, database selection step. Buttons: Check All, Uncheck All, Basic Features Help, Cancel, Prev.]
Select the Database(s) to [...]
- [database names illegible]
- Content must exist
Slide callout:
- If this is selected, results are only returned if the content still exists at site.

Follow on Actions
[Screenshot: Workflow Central Request Wizard, Follow-on Actions step. Buttons: Cancel, Prev, Next.]
Follow-on Actions
Would you like to add any follow on actions? No / Yes
Columns: Script, Script Arguments, Add
Scripts listed: Email Alert, Report, Download Sessions
ROWR: Return Only With Results
Slide callout: [illegible]

Email alert
[Screenshot: Workflow Central Request Wizard, Follow-on Actions step. Buttons: Cancel, Prev, Next.]
Follow-on Actions
Would you like to add any follow on actions?
ROWR: Return Only With Results
Slide callouts:
- Comma delimited email addresses.
- This option only sends an email if your workflow has results.

SQL report
[Screenshot: Workflow Central Request Wizard, Follow-on Actions step with the SQL Report script selected. Buttons: Cancel, Prev, Next.]
Follow-on Actions
Would you like to add any follow on actions? No / Yes
Columns: Script, Script Arguments, Add
Script: SQL Report
Script arguments: Email To; Email Subject; Email Content; Email Attachment; ROWR: Return Only With Results; Filename; Mail Order Trigraph; GZIP: Compress Contents; SQL
Slide callout:
- This [illegible] metadata that a user can set.
Example:
SELECT [...]
FROM [...]
WHERE [...]
SQL shown in the screenshot:
SELECT casenotation, sigad
FROM [illegible]
WHERE sigad != [illegible]
GROUP BY casenotation

Download Results
[Screenshot: Workflow Central Request Wizard, Follow-on Actions step with the Download Sessions script selected. Buttons: Cancel, Prev, Next.]
Follow-on Actions
Would you like to add any follow on actions? Yes
Columns: Script, Script Arguments, Add
Script: Download Sessions
Script arguments: User ID; Email To; Subject; Email Content; ROWR: Return Only With Results; Filename; Mail Order Trigraph; GZIP: Compress Contents; Send To Agility

You're almost done!
[Screenshot: Workflow Central Request Wizard, Workflow Review step. Tabs: Workflow Values, Workflow XML. Buttons: Cancel, Prev, Submit.]
Workflow Review
This query (Find_my_appid) will search the Full Log table in database(s):
[database name illegible]
The query will run executing every 6 hours beginning at 5:00 EST
The query will execute the following search criteria:
<and>
<field>From IP Address</field>
<value>1.2.3.4</value>
</and>
<and>
<field>To Port</field>
<value>30</value>
</and>
<and>
<field>AppID</field>
<value>search/google</value>
</and>

Workflow Pending
[Screenshot: Workflow Central, My Workflows list, beside the navigation menu. Legible column headers: Name, State, Actions. Row contents illegible.]

Workflow Approved
[Screenshot: Workflow Central, My Workflows, beside the navigation menu, with the workflow's XML displayed. Legible fragments include the query justification "Testing appid signature" and the search value 1.2.3.4.]

Common mistakes
- From IP and To IP with the same value.
- In this view, terms are [...] together.
- Use Multiple Field Search Tab.
[Screenshot: Workflow Central Request Wizard, Add Search Fields step, Single Field Search tab, showing the same help text as the earlier Add Search Fields slide, with From IP Address and To IP Address fields and the value 1.2.3.4.]

Common mistakes
- Using the multiple [...] break [...] up into search <-> value [...] separately in the single field search
[Screenshot: Workflow Central Request Wizard, Add Search Fields step, showing the same help text as the earlier Add Search Fields slide. Rows: From IP Address 1.2.3.4; To IP Address 5.5.18; From Port [illegible]. Tabs: Single Field Search, Multiple Field Search.]

Common mistakes
- This will return ALL casenotations.
- [illegible] but a does [...] equal b
- All the [illegible] values must be [...] together.
[Screenshot: Workflow Central Request Wizard, Add Search Fields step, showing the same help text as the earlier Add Search Fields slide. Search Field: Casenotation; values illegible. Tabs: Single Field Search, Multiple Field Search.]

Common mistakes
- If you are selecting specific SIGADs, only [...] have data from [...]
- [...] queries will return [...]
- Less work for the system.
[Screenshot: Workflow Central Request Wizard. Search fields: Casenotation, SIGAD. "Select the Database(s) to query" list of site groups (names illegible), Content must exist, Uncheck All, Basic Features Help.]

Common mistakes
- If you select the [...] make sure you put a valid SQL statement!
- SQL statement filled in.
[Screenshot: Workflow Central Request Wizard, Follow-on Actions step with the SQL Report script selected. Email Subject: "My Workflow Results". Other fields: Email To, Email Attachment, ROWR: Return Only With Results, Filename, Mail Order, GZIP.]
SQL shown in the screenshot:
SELECT casenotation
FROM [illegible]
WHERE casenotation != [illegible]
GROUP BY casenotation

xks_workflow r1 .r.nsa