The data model

The data model in Siren Investigate acts like a blueprint that maps out:

  • The entity tables you’ll be working with, the data and fields that they contain, and how they map to conceptual entities.

  • The subsets of entity tables, known as searches.

  • The relations between entities.

The data model is at the core of Siren’s ability to investigate connected data by performing link analysis or associative dashboard navigation.

For definitions of the terms that are used in this section, see the Glossary.

Example: The data model’s effects on dashboards and graphs

Siren’s preloaded demo environment contains data sets that can be used for company intelligence and investigation of investments (see Getting started ).

In the demo environment, the Data model app contains the following Data model graph:

The data model graph for an entity identifier

On the left, you can view the types of entities in the demo environment, divided into:

  • Entity tables: These are tables of data about a specific type of entity. The Companies entity table, for example, contains hundreds of thousands of records - the individual entities - of companies and their attributes, such as their location, a description, and so on.

  • Entity identifiers (EIDs): These entities, which exist as an identifier, typically appear as a value in entity tables. Common examples of these are 'IP address' or 'Social Security Number'. In our demo data, 'Person Name' and 'City' are EIDs. This is convenient, as we do not have full records for people or cities.

In the Data model graph tab, entities are connected to each other by relations, which are represented by blue arrows. All of the relations are labelled and flow in a particular direction.

In the following topics, you will learn how to create a data model and populate it with data from local files or external datasources. But first, we will explore how the data model impacts the dashboards and working in the Graph Browser.

The data model and dashboards

In a dashboard, you can add a visualization called a Relational navigator.

The Relational Navigator allows you to navigate from the records that are currently visualized to a set of 'linked' records. It displays the relations that are defined in the data model.

For example, in the following screenshot, the Relational Navigator visualization in the All Companies dashboard displays the relations that connect companies with Articles (1) and Investments (2).

The companies dashboard with the relational navigator visualization

You can also navigate through an entity identifier (EID) - in this case, City (3) - although, in a slightly different way.

The data model and the Graph Browser

The link analysis feature, the Graph Browser, also shows relations based on the data model.

In the following screenshot, a company record is expanded to show linked records. The Expansion tab on the right allows you to select which relations you want to expand by (1).

The data model also controls the number that is displayed at the top right of each node (2). The number represents the number of links between that entity and other entities.

For more information, see Controlling graph expansion.

The Graph Browser showing the Expansion tab and a node count

If you are familiar with Kibana, an entity table also takes the role of an index pattern in Kibana, because it technically connects to one or more patterns of indices in the Elasticsearch back-end system.

With respect to Kibana, Siren Investigate makes the conceptual leap of considering each index also as a 'set of entities' (an entity table) and allows relations to be defined between them.