AIS Workflows

There are two distinct workflows within AIS: one for incident information; the other for intelligence information. AIM periodically polls the archive locations for incident and intelligence JMBs and displays the information in Incident Manager and Intelligence Manager.

Incident-Driven Analysis Workflow

The AIS incident-driven workflow occurs as follows (see Figure 5):

Figure 5: AIS Incident-Driven Workflow

1. A trigger event occurs and is detected on a device configured for and running AI-Scripts. An AI-Script is executed.
2. An AI-Script builds an event JMB with event and router data, and sends it to a designated AIM archive location.
3. AIM receives the event JMB and displays it in Incident Manager. The incidents appear in My AIM Home where they can be assigned or flagged to an AIM user.
4. An AIM user submits an incident to JSS.
5. JSS creates and returns a case ID to AIM.
6. JTAC engineers work on the case and reports case status to AIM.

For more information about using Incident Manager, see Using AIM Incident Manager.

Intelligence-Driven Analysis Workflow

JSS receives informational JMBs from AIM and collects them in the knowledge base. AIM periodically polls JSS for the availability of intelligence messages consisting of informational (created by JTAC engineers specifically for the customer) or alert messages (based on the alerts for which the customer registered. The intelligence-driven workflow occurs as follows (see Figure 6):

Figure 6: AIS Intelligence-Driven Workflow

1. An AI-Script builds an intelligence JMB and sends it to a designated archive location on a weekly basis.
2. AIM periodically polls the archive location and receives the intelligence JMB.
3. The customer can specify how much information is shared with JSS on the AIM General Settings page.
4. AIM displays the intelligence JMB in the Intelligence Manager Information JMBs.
5. AIM periodically queries JSS for intelligence updates. Intelligence Updates consist of alerts (based on the AIM alert subscriptions) or intelligence updates created by JTAC engineers specifically for the customer.
6. JSS checks to see if there are any alerts or intelligence update messages destined for the customer’s AIM.
7. JSS responds to an AIM request with any alerts or intelligence updates for that installation.
8. AIM receives the alerts or intelligence updates and displays them in the Intelligence Manager Intelligence Updates tab.

For more information about using AIM Intelligence Manager, see Advanced Insight Solutions Overview.