data visualization for convenient analytics using Grafana as an example

What is the subject?

Imagine yourself as an employee responsible for the operation of security systems at a large facility, where daily tasks require servicing and configuring everything related to security alarms, video surveillance and access control.

Not only do you need to know all these systems well, you also need to keep track of what is happening in them. Of course, in security systems, there is a separate class of systems for solving such problems – PSIM or SSSI. They ensure the integration of security systems and implement the functions of operational monitoring and reactions. However, these systems are not always suitable for the customer: they may be unprofitable or too difficult to implement.

So I started thinking about how to help our product users provide a tool for more visualization of what is happening in the system.

Data in ACS and their features

Of course, the ACS data is not as voluminous as the arrays of information that we can find in large industrial or business systems, everything is more modest here. Despite this, they are of interest both for the work of the security department and for the analysis of the components of various business processes.

Let's take a closer look at what data can be generated by the ACS:

1. Data on identifiers and their owners. Who works in what company and what department, how many access identifiers they have, what type they are and when they expire.

2. Data on access modes. Who, when and where can go. Work schedules.

3. Information on visitor passes and requests for visits. Registered requests for visits, which of them are awaiting approval and which need approval. Issued passes, passes available for issue to visitors. Which visitors are already on the site and where.

4. Data on events of employee and visitor passage in the system.

5. Location data of employees and visitors. Who is where at the moment?

6. Data on alarming events in the system. Unauthorized access attempts, facts of hacking access points or events on non-standard system behavior.

7. Equipment status data. Loss and restoration of connection with devices, equipment switching to backup power and main power, backup battery status, etc.

8. Data on the actions of system operators. Who performed what actions in the software.

Systems often provide “raw” data in the form of an upload, and they are not always convenient for the needs of different types of users. For example, managers need to track current attendance or working time records, security personnel need to quickly track incident trends in the system, and operations – failures.

To display operational information, you can use dashboards that have already become an integral part of systems that handle large amounts of data – BI systems, IT infrastructure monitoring systems.

The Role of Dashboards in Access Control System Data Analytics

Any data can be presented in a visual form for a quick assessment of the situation or state of the system, but the use of dashboards is not always obvious and accessible. If the system does not provide such capabilities, you may not even know that it was possible to obtain information quickly without manually analyzing heavy, difficult-to-interpret reports.

In business systems, dashboards are used for visual and prompt display of the company's economic and financial indicators, and sales information. In distributed systems, dashboards are used for comprehensive monitoring of the health of technical and information infrastructure.

ACS, in turn, have a lot of specific data, and some of it can be very useful in visual presentation.

Optimizing data display

Dashboards can be customized for different types of users, ensuring optimal data display based on their needs. This includes the use of different visualizations such as graphs, tables, and histograms. Optimizing the display of data helps to quickly perceive information and speed up the decision-making process.

For senior security teams, dashboards provide aggregated data and key metrics such as total incidents, average response times, and access statistics by zone. This allows leaders to quickly assess the overall security posture and make strategic decisions.

For security operations personnel, dashboards can display more detailed metrics such as access attempt timestamps, user identification, and equipment status. This helps in operational system management and quick troubleshooting of technical issues.

Detecting anomalies

Dashboards can be used to identify anomalies in user behavior and respond to them promptly. For example, if an intruder methodically and repeatedly tried to gain access to a room to which he has no access, these alarms might not be noticed in the operational list of events, but the alarm graph will show a surge in abnormal behavior and this will be a trigger for launching a service check.

Tracking checkpoint occupancy rates or room utilization

Dashboards allow you to track key indicators of checkpoint occupancy. Historical or real-time data on checkpoints can be used to analyze checkpoint occupancy trends, utilization of certain areas at the facility, which allows you to make decisions on optimizing the system or draw certain conclusions to optimize costs for maintaining the workspace or making changes to the access scheme at the enterprise.

For example, a dashboard displaying the number of passages at each of the passage points and simultaneously displaying the maximum capacity of the checkpoint per hour will allow you to notice an increase in the load on the checkpoint and make a timely decision on expanding the number of passage zones at the enterprise in order to avoid traffic jams.

Selection of tools and technologies

When a user in the security systems market is faced with the task of displaying data from the systems operated at their facilities, they have several available solutions.

Native visualization tools for specialized software

In this case, the user inevitably faces a number of limitations: the data and its visualization are in different interfaces; while this is an acceptable option for an operations specialist, it is an unacceptable scenario for a manager.

Because of this, companies are faced with processes for transmitting reports in the form of downloads, their manual compilation by security service employees, and other non-automated processes.

Such solutions may be suitable for owners of small systems and objects; the user receives functions right out of the box.

PSIM or SSOI systems

PSIM (from the English Physical security information management – “physical security information management”) is a category of software that provides a hardware and software complex for integrating several unrelated security applications and devices and managing them through a single user interface.

This class of systems provides the user not only with the ability to aggregate the main functions of the security system into a single interface, but also provides the ability to centrally collect and process data for rapid responses to threats or data analytics in a visual representation.

The solution is suitable for medium and large objects. Often, each implementation is unique and requires support and modifications for each of the objects, which entails additional costs and the involvement of additional specialist resources.

BI platforms

This class of systems allows connection to various data sources, including access control systems. BI platforms are directly designed for data processing and visualization, so they have powerful tools for these tasks.

Suitable for medium and large users with broad tasks of collecting and visualizing data, not only security systems, but also business data.

Data visualization systems such as Grafana

They also have powerful visualization tools, but unlike BI systems, they work exclusively with external data sources.

It can use both final data sources and specialized databases that collect information from various systems.

Suitable for any type of system owner. For implementation, a minimal server infrastructure and a specialist with basic knowledge of databases and information security are sufficient.

Designing Dashboards

I am not an expert in dashboard design, so I will not go into details of this process. However, it is important to note that dashboards are not just pretty pictures with various graphs.

Dashboards need to solve specific problems, so it is important that they are clear and informative. Below I have provided basic recommendations for creating dashboard requirements so that they are useful and effective.

On the topic under consideration, I found articles from Ozon and Sibur interesting.

Integration with ACS

We have reached the practical stage and now it is time to think about the technical features that we may encounter.

Connecting to a data source from Grafana

In Sigur we use MariaDB (MySQL) or PostgreSQL DBMS depending on the deployment operating system and the administrator's choice. Adapters for connecting the source to Grafana are available for both DBMS.

Safety

Create an account in the DBMS with read-only rights to the data. In general, to ensure secure access to the system data, it is necessary to adhere to a number of rules for ensuring information security, however, in order to save time, this information is outside the scope of this article.

What points should you pay attention to:

• selection in the VIEW database and restricting account access to read only up to them;

• creation of a separate database with query results to separate it from the system database;

• delineation of operator roles within Grafana itself.

Querying data from the database
Querying the data source to obtain the required information for visualization is covered in documentation.

Here I will show an example based on one of the dashboards for a general understanding of what is happening. Let's take one of the dashboards and look at the pass data:

SELECT DATE(LOGDATE) as DATE, COUNT(LOGDATE) "Количество проходов" FROM `tc-db-log`.v_logs WHERE $__timeFilter(LOGDATE) AND DEVHINT IN (1,2) AND LOG_TYPE IN (6) GROUP BY DATE(date)

Here we access the table of events, filtering them by several criteria: DEVHINT – id of specific access points for which we perform event queries, LOG_TYPE – where type 6 is a validated pass event and $__timeFilter(LOGDATE) – filter by period, the period value itself is substituted from the parameter TIME RANGE the dashboard itself.

GROUP BY DATE(date) – groups the received data by days; COUNT(LOGDATE) – counts the number of received events by day.

Application examples

Passes for the period

Allows you to evaluate the trend of the number of passages in passage areas or the level of utilization of premises. The graph indicators can be valuable at enterprises for assessing the load on passages by days per month.

These metrics can also be broken down by user groups, such as contractor organizations on a site, to track the traffic load for each organization.

There are other great examples of aisle analytics in the market: at companies that have implemented aisle trend analytics, those responsible began to plan the purchase of products for supplying canteens according to historical and operational data, which led to the optimization of food purchasing costs and reduced food waste by 40%.

Unique passes for the period

Unlike the previous example, it displays a graph of unique passes over a period. This allows you to understand the number of unique visitors: employees or guests.

The chart indicators can be valuable for calculating the attendance of an exhibition or assessing the discipline of the enterprise's employees' attendance. An additional indicator can also be displayed as the number of unique visitors for the entire selected period.

Current day passes

Displays the dynamics of passages within a certain day, most often today.

Allows you to evaluate the workload of checkpoints at enterprises or event sites on the current day by the hour. The indicators of the number of passes per hour on the graph can be compared with a certain threshold of the throughput of a checkpoint or a group of checkpoints at the checkpoint.

Also displays the number of unique visitors per entry to estimate the current daily traffic.

How many people are in the office and what is the total number of staff?

Displays the number of people in the specified area at the current time and how many employees in total we expect to be at work.

Allows you to quickly track the current presence of people in the office in quantitative terms. The indicators can be divided into zones/departments, for example, how many contractors IP Kokushkin are currently at the construction site, how many of them we expect today.

Location panel

A list of employees currently in the office can often be accompanied by a widget showing the number of people in the area. Displays Employee name And Time of passage to the specified zone.

Number of unapproved visit requests

Displays the number of requests that have not been processed by the responsible employee. Allows you to see the status of the current work of the pass office or security personnel responsible for coordinating visit requests.

If the number of requests starts to exceed the critical value, the indicator changes color and attracts attention. The transition of the value through the critical threshold may indicate problems with the process of implementing the movement of requests to visit the object.

Audit of actions in the system

Displays the number of operator actions in the system today and in dynamics over a period of time.

Based on the dashboard indicators of the number of actions in the system at a given time, it is possible to track the presence of an abnormal number of operator actions – something is being massively deleted, which should not be done. Or, on the contrary, to track the absence of any actions in the system, which can also be an abnormal indicator that something is wrong with the state of the system, for example, users are unable to perform any actions.

Unauthorized access attempts for the period displayed as a graph

Displays unauthorized access attempts for today and in dynamics for the month.

Allows you to track the increased trend of incidents and subsequently analyze them using the system. A large number of attempts to enter with an unknown card or into a room where there is no access is a reason to make sure that there is no sabotage or failure at the enterprise.

Alarm panel

Displays the number of alarm events in the system for today and for the period, as well as a list of event data. Can be used to track the number of alarms at each branch.

How we used the visualization system together with Sigur software at the exhibition

At exhibitions, companies demonstrating their solutions often have the problem of assessing the attendance of their stand, the activity of people in a particular area of ​​the stand. As a rule, the exhibition organizer itself offers only general data on the number of visits to the exhibition for the entire period, which, of course, does not help to understand the interest of visitors specifically in the product.

At the annual security industry exhibition, I decided to experiment and look at the activity graphs of the flow of people at the stand during the event, as well as the ratio of visitor interest in each of the demonstration zones.

Of course, video analytics would have been more effective in some of the scenarios, but we decided to work with the data we had on hand. Fortunately, the data in our system allows us to clearly understand when various actions were performed on it.

All activity was built on identification events in each of the zones – in fact, one event is the fact of demonstrating a solution in one of the booth zones. Conclusions on the data are in each of the blocks.

Logical zones were identified that were responsible for certain industry or functional areas:

• access control area, where classic access control solutions were demonstrated: working with readers, arming by holding a card, identification using a mobile application;

• QR zone for visitors, where users could create a request for a visit using a special web module and enter this zone using a QR received by mail;

• breathalyzer zone, where the system, when identifying itself with readers, required the user to undergo an alcohol intoxication test;

• biometric zone, where user access was achieved using facial recognition;

• a server solutions area, where equipment adapted for access to server cabinets was presented;

• mobile terminal zone, where users were identified using a special mobile access point, which is a smartphone with the Sigur application;

• intercom zone, where solutions were presented for implementing access control in residential complexes, in particular integration with basIP intercom call panels.

Demonstration activity by day

The most active day of the exhibition at the stand was WednesdayApril 17.

Also on the chart you can pay attention to Monday — the day of building up the stand area, the high activity on this day is due to the process of setting up and checking the operation of all systems before the start of the exhibition itself.

Activities in each of the demo zones by day

From the graphs it is clear that the most popular zones were Biometrics, Breathalyzer, Server Solutions and Classic Access Control Zone.

Data:

• activity in the biometric zone is determined by automatic recognition of employees at the stand;

• there was significant interest in web applications, the lack of activity on the chart is due to the long path of demonstration to identification itself – which is shown on the chart.

Comparison of the number of demonstrations using your own cards and special cards

We see that the data from the maps prepared this year for demonstration in each of the zones were used in a significant number of demonstrations, which is an indicator of the effectiveness of this choice.

Number of full-fledged Web application demonstrations

These are full-fledged applications that were created using the new UI and brought to a logical conclusion – sending an invitation to the email with a QR code.

It may seem that this is a small amount. However, if we take the average time for demonstration of creating an application, it turns out to be about net 4 hours active demonstration time.

Demonstration activity within days by hours

From the statistics we see:

• On Tuesday, the most active time was in the morning hours, immediately after the opening of the exhibition;

• Wednesday turned out to be normally distributed in terms of activity; there was activity at the stand almost all day;

• On Thursday, there is a decrease in activity at the stands, with the most active flow at the stand occurring in the hours after opening.

What is the use of data?

• you can plan the number of specialists at the stand each day and by time;

• plan a time when specialists can spend time studying other representatives at the exhibition and leave the stand.

Conclusion

Thank you for taking the time to read the article to the end! If you have something to say, welcome to the comments. You can also contact me by email dmitry.popov@sigur.comI am open to discussing your tasks and product development needs.

Help us evaluate the usefulness of each of the dashboards presented in the article and understand the specifics of their implementation in your systems – link You will find a short survey.