Introduction
SIP Charts provides a visual representation of summarized data charted in line, bar, or radar chart format.
Line charts - Connect data points with a smoothed line. Especially helpful with time series data, where time, the Independent variable, is graphed along the horizontal axis, while the data of interest, the Dependent variable (so-called because its value depends upon the independent variable, or time) is graphed along the vertical axis.
Bar charts - Draw bars to enable comparison of discrete quantities of data of interest, the dependent variable, across a set of independent variables, which are often categories being compared.
Radar charts - Help with detecting patterns across multiple variables, which are measured by lines extending from a central point like spokes on a wheel. For a given observation, the related data points are plotted on each radial line and connected with lines to form a web shape. Multiple observations can be plotted on the same chart in different colors to enable comparison of shapes. This can help you find patterns that could easily go undetected in other chart styles.
Some charts sometimes fill the browser. If you can’t see all of the chart, you can reduce the size by changing your browser zoom factor. In the Google Chrome browser, for example, click the three-dot menu icon in the upper right corner, then click the minus sign to the left of the zoom factor. Alternatively, you can click the picture-frame icon to display the browser in full-screen mode. Press function key F11 to return to normal view.
SIP Charts options
Date selection
As with other ClearIP analytics functions, the top-left of the SIP Charts screen provides options for date/time range selection. (See date/time range selection for more information.) The default initial view shows data for a rolling hour. ClearIP retains 14 weeks of history, and old data rolls out of the system automatically.
Filters
You can use Filters to enter data selection criteria. For example, here is a filter definition to select records where the Called Country is equal to Cuba:
In the Filter Value field, you can select from a drop-down list of values, or you can begin typing the value you want. As you type, the drop-down list will show just the values that match what you’ve typed so far. In this example, the first three letters of Cuba have been typed, and only the country Cuba remains in the list. At this point, you could simply press the Enter key or click Cuba in the list to select Cuba for this filter.
You can enter more than one filter. If you have more than one filter, then a Filter Operator prompt will appear under the filters, so you can specify how the filters should be used. The Filter Operator answers the question: “Do all filters have to be true, or does at least one of the filters have to be true?” If the Filter Operator is And, then only records that match all of the filters will be selected. They all must be true. If the Filter Operator is Or, then records will be selected if they match at least one of the filters. Only one filter must be true.
Here is an example where all the filters must be true; the Filter Operator is And:
In this example, the Calling Country must be the United States AND the Called Country must be Cuba for a SIP record to be selected.
Here is an example where only one of the filters has to be true; the Filter Operator is Or:
In this example, the Called Country must be either Cuba, or Russia, or Ireland for a SIP record to be selected.
ClearIP does not support using multiple filters with a mixture of And and Or Filter Operators.
Chart type
Choose Line, Bar or Radar chart.
Variables
Choose an independent variable for grouping. These fall into three categories:
- Date/time fields. Examples include Second, Minute, Five-Minutes, Hour and Day (using UTC time, not local time). These Group By fields are great for looking at Total Calling Fraud Score and Total Called Fraud Score. For example, fast traffic pumping is detected when the Total Fraud Score in a five-minute period exceeds the fraud threshold. You can view a chart summing fraud scores grouped by Five-Minute blocks of time to see what those totals look like. This would help you set reasonable Default Fraud Threshold values in your Fast Traffic Pumping triggers, for example.
- Organizational fields. Examples include SBC, Service Provider, Group and User. These Group By fields are useful for summing call counts by organizational groups, if your company is set up to use segmented organizational groups.
- Other call attributes. Examples include Called Country, Calling Country, and a variety of other fields found in SIP records.
Choose up to three dependent variables. These are numeric fields, counts or fraud scores, which will be summed for each value of the independent variable. Examples include Total Called Fraud Score, Total Calling Fraud Score, SIP Count, SIP 404 Count, SIP 603 count and so forth. You can choose a color for each, either red, blue or green.
Illustrative examples
Here are a few examples of useful charts that you can create with SIP Charts:
Call activity by minute for the past hour. This is the default chart that appears when you run SIP Charts. It’s a line chart showing total SIP counts and SIP 603, or blocks, over the past rolling hour.
Fraud scores by five-minute blocks for a called country, for the current week. This is a very useful report for showing the highest fraud scores accumulated in a five-minute period for a selected called country. Since fast traffic pumping is analyzed per calling number or organization group by called country, this is the best way to get a sense of the magnitude of fraud scores, so you can set reasonable Default Thresholds in your Fast Traffic Pumping fraud triggers. For example, if you see five-minute accumulated fraud scores for a country up around 2, then you might like to set the Default Threshold around 8 or 10, or roughly 4 to 5 times the typical fraud score. This would help you catch a fraud attack as quickly as possible while reducing the chances of a false positive trigger event.
Call activity for the week by user. This is a radar chart that helps you quickly see the relative magnitude of call activity among users, which in this case are offices defined as users. (Your company may have defined a different organizational structure in ClearIP or might not be using a segmented organizational structure at all.) The chart shows SIP counts, SIP 404s (good calls) and SIP 603s (blocked calls). This helps you quickly see whether one office is making the largest share of calls or another office has a disproportionate rate of blocks.
