This glossary contains the terms and definitions for important
concepts in the Active Correlation Technology.
- ACT
- See Active
Correlation Technology.
- action
- An expression that runs as part of a rule response or when a rule is loaded,
unloaded, activated, or deactivated.
- Active Correlation Technology
- An IBM® technology
that provides event correlation through rules.
- Active Correlation Technology compiler
- The Active Correlation Technology component that parses a rule set and
any code that is contained within it to generate the internal data structures
that are required by the Active Correlation Technology engine.
- Active Correlation Technology engine
- The Active Correlation Technology component that processes events according
to the output of the Active Correlation Technology compiler.
- Active Correlation Technology rule builder
- A GUI for writing correlation rules in the Active Correlation Technology
rule language.
- Active Correlation Technology rule language
- An XML-based language for writing rules to correlate events. These rules
can then be deployed to Active Correlation Technology runtime environments.
- Active Correlation Technology runtime environment
- An application in which the Active Correlation Technology engine is embedded,
with or without the compiler.
- collection pattern
- A rule pattern that defines a rule to collect a group of selected events
within a time interval. A rule that is defined by the collection pattern is
a stateful rule.
- computation pattern
- A rule pattern that defines a rule to apply a computation (through an
expression) to collected events as each event is received within a time interval.
A rule that is defined by the computation pattern is a stateful rule.
- domain
- The category to which a group of rules apply based on their function.
For example, a domain can represent a specific geographic area, IT management
discipline (such as security detection or network event correlation), or business
organization (such as a specific company or division with a company).
- duplicate pattern
- A rule pattern that defines a rule to count the second and subsequent
events that are accepted within the specified time interval but to skip the
rule set processing for these events. A rule that is defined by the duplicate
pattern is a stateful rule.
- event provider
- Any software that generates events that are processed by the Active Correlation
Technology.
- event selector
- The criteria for event selection. These criteria determine what events
are accepted for processing by a rule. The event selector includes the event
type and the filtering predicate.
- expression
- Code that contains custom logic that can be added to a rule. Rule writers
can use expressions for different purposes, such as the initialization of
variables, the definition of event selection criteria, or the specification
of rule response actions and life cycle actions.
- expression language
- The programming language in which an expression is written.
- external event
- An event that the Active Correlation Technology engine receives from a
source that is external to it.
- external object
- An object that an application creates to communicate with expressions.
- filtering predicate
- An expression that defines the condition under which an event is accepted
for processing by a rule. The filtering predicate is a part of an event selector.
A filtering predicate returns a boolean value.
- filter pattern
- A rule pattern that defines a rule to take a certain action when it accepts
an event. A rule that is defined by the filter pattern acts only on a single
event and is therefore a stateless rule.
- grouping key
- A method for directing a rule to create a separate rule instance (or copy
of itself) for each group of events that share common characteristics.
- import
- A programming language-specific way to make external code accessible to
expressions.
- internal event
- An event that is created by a rule that is running in the Active Correlation
Technology engine. This event might be forwarded to other rules.
- life cycle action
- An expression that runs when a rule is loaded, unloaded, activated, or
deactivated.
- node
- An object within the rule hierarchy that can be individually and independently
added to, removed from, or replaced within a rule set. Specifically, these
objects are nodes:
- Rules
- Rule blocks
- Rule block variables
- Rule set variables
Because an object cannot be operated on individually and independently
below the rule level, a rule variable is not a node.
- predicate
- See filtering
predicate.
- response
- See rule response.
- rule
- The correlation unit that is used to recognize relationships among events
and to run appropriate rule responses. A rule is an implementation of one
of seven rule patterns and is organized, according to its function, into a
rule block that is part of a rule set. A rule accepts an event for processing
if the event meets the event selection criteria.
- rule block
- The organizational unit for grouping rules by function into domains within
the rule set. A rule block can contain not only rules but also other rule
blocks.
- rule instance
- In the context of the grouping key, a copy of a rule.
- rule pattern
- The representation of an event correlation situation (such as a threshold
condition or duplicate event detection). The Active Correlation Technology
rule language includes the following rule patterns: collection, computation,
duplicate, filter, sequence, threshold, and timer. The pattern of a rule is
matched when the situation that is defined by the rule occurs. When the pattern
is matched, the rule concludes its processing by taking the appropriate rule
response actions. While a rule is active, the rule pattern can be matched
multiple times.
- rule response
- An expression that is run when the Active Correlation Technology engine
recognizes that a rule condition has been met. A rule response consists of
one or more actions.
- rule response action
- See action.
- rule set
- The rule execution unit for the Active Correlation Technology rule language.
The rule set contains the rules, organized into rule blocks, to be executed
by the Active Correlation Technology engine. The engine acts on only one rule
set at a given time.
- sequence pattern
- A rule pattern that defines a rule to detect the presence or absence of
a certain sequence of events within a time interval. The sequence can be ordered
or random. A rule that is defined by the sequence pattern is a stateful rule.
- snippet
- An excerpt of source code.
- stateful rule
- A rule that retains state information, which is information about the
characteristics of a rule instance, for the purpose of acting on a collection
of events over a period of time. Rules that are defined by any of the following
rule patterns are stateful rules: collection, computation, duplicate, sequence,
threshold, or timer.
- stateless rule
- A rule that does not retain state information and therefore can act only
on one event at a time. A rule that is defined by the filter pattern is a
stateless rule.
- threshold pattern
- A rule pattern that defines a rule to collect a group of selected events
within a time interval and to determine, after each event is received, whether
a threshold condition has been met. A rule that is defined by the threshold
pattern is a stateful rule.
- timer pattern
- A rule pattern that defines a rule to initiate actions at regular intervals.
A rule that is defined by the timer pattern is a stateful rule. Although a
timer rule does not process events, it can be activated or deactivated by
an event.