Examining @KTF_press With @fmsinc’s Sentinel Visualizer

@KTF_press : Cyberwarriors Of Kenya contains an examination of the Twitter social network of this irregular cybermilitia and a few of their common conversation partners, including KDF official spokesman @MajorEChirchir. The visualization shown was done with Gephi, an open source visualization tool with broad capabilities.

These are the good guys in a conflict involving Somalia’s al-Shabaab, but what they do is quite public, so I don’t think I’m aiding the enemy if I feed that same data into Sentinel Visualizer, a law enforcement or intelligence sector grade link analysis tool.

Today was my first adventure with SV beyond looking over someone else’s shoulder as they handled the demo data, but it was a fairly smooth introduction. The FMSChannel has a handful of videos, but the are well done. These are not meant for someone who wants to learn link analysis, they’re meant for someone already familiar with a tool like Maltego or Gephi, and they show you just where to go to find the things you need.

Sentinel Visualizer Import

The import process is a good bit more complex than the other two visualization tools I use. You can feed Sentinel Visualizer a fairly complex text file, but as long as the layout is regular it will happily pull both entities and links out for you. Here I was important the tweets from the five important accounts for Kenya, and the system was told to look for a source, a destination, and a time for the event.

Sentinel Visualizer Kenya Import

Once imported I left the force directed layout run. The first new feature I will ask for is mouse scroll wheel support – you have to go to a menu to pick zoom levels.

Full Time Range Of Tweets

I loaded the full time range of tweets …

Specific Time Range Of Tweets

And I goofed when I made this shot, not getting the slider at the bottom, but what you see here is that same dataset from above, only constrained to just a few days by adjusting the start/end slider. The capability to know that events happen at a certain time or that they have a duration is one of the defining characteristics for a full featured law enforcement/intel link analysis solution. If we needed one specific evening of events in Kenya with the other tools I use I would be manually filtering in some way, then creating the visualization. Here it’s just a normal feature of the tool.

Kenya Key Accounts Closeup

I like that the link weights (count of total interactions) are visible here. As a rule Sentinel Visualizer isn’t going to produce the sort of eye candy we get out of Gephi – this system is built for those planning operations in the field, and the people using it want clear, consistent, actionable information. Keep in mind there is a full featured database standing behind these visualizations – we can do things with this system that simple aren’t possible with the flat files that I feed Gephi.

This is just a starter post, written as much to put me on the spot as to inform you, and I think what we’ll do with Sentinel Visualizer is actually going to be less about appearance, and more dealing with the temporal and geospatial data. Now if only our new friends in @KTF_press had a spreadsheet of al-Shabaab activity and locations, then we could try some things with the geospatial capabilities of the system …


