Approaches for analyzing entity relationships

The invention claimed is: 1. A system comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the system to perform: obtaining log data from at least one computing system, the log data including one or more records that identify one or more Internet Protocol (IP) addresses of one or more computing devices that accessed the at least one computing system and one or more accounts hosted by the at least one computing system that were accessed by the computing devices and one or more timestamps indicating respective times of access of the IP addresses; determining, based at least in part on the obtained log data, that at least a first account was accessed from a computing device of the computing devices with an IP address of the IP addresses, and a time at which the first account was accessed based on the timestamps; determining whether the IP address has been permitted based on geolocation log data corresponding to the IP address or based on a type of traffic from one or more particular computing devices assigned to the IP address; in response to the IP address being permitted: receiving an indication that a second account was accessed using the IP address; and flagging the first account and the second account based on the respective times that the first account and the second account were accessed. 2. The system of claim 1 , wherein the flagging further comprises: flagging the first account, the second account, and a third account in response to determining that the first account, the second account, and the third account were accessed by the computing device within a specified timeframe. 3. The system of claim 1 , wherein the instructions further cause the system to perform: determining at least one record in the records that corresponds to a blocked IP address; and removing the at least one record from the records. 4. The system of claim 1 , wherein the instructions further cause the system to perform: exporting data corresponding to the IP address to a data analysis tool for further evaluation. 5. The system of claim 4 , wherein the instructions further cause the system to perform: determining at least one object in an object model that corresponds to the IP address, the object model being managed by the data analysis tool. 6. The system of claim 1 , wherein the instructions further cause the system to perform: providing an interface through which a link between the first account and the second account is presented. 7. The system of claim 1 , wherein the instructions further cause the system to perform identifying that a particular IP addresses accessed two different accounts of two different account types. 8. The system of claim 1 , wherein the instructions further cause the system to perform: identifying a first record in the records; determining that the IP address associated with the first record is blocked; and associating the first record with information that indicates the IP address is blocked. 9. The system of claim 1 , wherein the instructions further cause the system to perform: enriching the more or more records, the enriching comprising: identifying a first record in the records; determining geolocation log data associated with the IP address associated with the first record; and associating the geolocation log data with the first record. 10. The system of claim 1 , wherein the instructions further cause the system to perform: obtaining a set of financial reports from the at least one computing system, each financial report specifying one or more IP addresses used to access one or more financial accounts; and determining at least a pair of financial accounts that were accessed by the computing device with the IP address. 11. A computer-implemented method, the method comprising: obtaining log data from at least one computing system, the log data including one or more records that identify one or more Internet Protocol (IP) addresses of one or more computing devices that accessed the at least one computing system and one or more accounts hosted by the at least one computing system that were accessed by the computing devices and one or more timestamps indicating respective times of access of the IP addresses; determining, based at least in part on the obtained log data, that at least a first account was accessed from a computing device of the computing devices with an IP address of the IP addresses, and a time at which the first account was accessed based on the timestamps; determining whether the IP address has been permitted based on geolocation log data corresponding to the IP address or based on a type of traffic from one or more particular computing devices assigned to the IP address; in response to the IP address being permitted: receiving an indication that a second account was accessed using the IP address; and flagging the first account and the second account based on the respective times that the first account and the second account were accessed. 12. The computer-implemented method of claim 11 , wherein the flagging further comprises: flagging the first account, the second account, and a third account in response to determining that the first account, the second account, and the third account were accessed by the computing device within a specified timeframe. 13. The computer-implemented method of claim 11 , further comprising: determining at least one record in the records that corresponds to a blocked IP address; and removing the at least one record from the records. 14. The computer-implemented method of claim 11 , further comprising: exporting data corresponding to the IP address to a data analysis tool for further evaluation. 15. The computer-implemented method of claim 14 , further comprising: determining at least one object in an object model that corresponds to the IP address, the object model being managed by the data analysis tool. 16. A non-transitory computer readable medium comprising instructions that, when executed, cause one or more processors to perform: obtaining log data from at least one computing system, the log data including one or more records that identify one or more Internet Protocol (IP) addresses of one or more computing devices that accessed the at least one computing system and one or more accounts hosted by the at least one computing system that were accessed by the computing devices and one or more timestamps indicating respective times of access of the IP addresses; determining, based at least in part on the obtained log data, that at least a first account was accessed from a computing device of the computing devices with an IP address of the IP addresses, and a time at which the first account was accessed based on the timestamps; determining whether the IP address has been permitted based on geolocation log data corresponding to the IP address or based on a type of traffic from one or more particular computing devices assigned to the IP address; in response to the IP address being permitted: receiving an indication that a second account was accessed using the IP address; and flagging the first account and the second account based on the respective times that the first account and the second account were accessed. 17. The non-transitory computer readable medium of claim 16 , wherein the flagging further comprises: flagging the first account, the second account, and a third account in response to determining that the first account, the second account, and the third account were accessed b