JBISoft: Engineering solutions for the 21st century.

Active Network Intrusion Defense


JBISoft developed the ANID GUI functionality framework as a distributed web service utilizing Java Server Pages, Enterprise Java Beans, and Java Web Start. Security requirements of the ANID system demanded robust authenticated interfaces using SSL and 3DES encryption algorithms as well as open language standards design.

Assign and Manage Course of Action.
ANID - Detect, Analyze, Decide, Respond

In addition to the incident and event details, the ANID GUI provides the mechanism for analysts to define and review Courses of Action (COAs) for incident resolution. Because COAs are tied to the incident type, the system allows the user to create a new COA or review and choose from historical COAs for rapid incident resolution. The Courses of Action information is shared among all analysts to aid in knowledge transfer and to help reduce response time. If a COA does not exist for a particular incident, the analyst can create a virtual team of experts, or access an existing one, to assist in the incident resolution.

Expert Locator for Optimal Resource Allocation.

The Expert Locator is a database of ANID users and analysts. The database contains user properties such as name, contact information, user skills and proficiency ratings. Users easily update their profile information via ANID. The Expert Locator tools provide analyst team member recommendations based on the incident type and the expert skills and proficiency required to solve the situation. The analyst can also search the expert database to invite experts to a team on an as-needed basis. Experts invited to a team are notified via email and an alert message.

Intuitive User Interface.
The ANID Desktop

The ANID Master GUI and Expert Locator portal provides one-stop access to review open and closed incidents and act upon incidents via an intuitive user interface. The end result is faster incident resolution for more reliable information assurance. Features include the ability to sort incidents by severity level and time, view incident details, view individual events that comprise an incident, and create and manage virtual teams to assist in incident resolution.

Visual Incident Situation Tactical Application (VISTA).
VISTA Application

VISTA provides real-time MIL-STD-2525 symbology-type visualization as implemented by the JTF-CNO Command Center Main Situations Display. Incidents are sorted, arranged, and displayed by time and priority. Common attributes are correlated and can be highlighted to indicate trends. Optional analysis modules include source IP to destination IP correlation indication and incident count. Analysts can filter the VISTA display in real time to show incidents with similar properties to identify further correlations. Interactive displays provide drill-down details for the analyst.