Glossary

This glossary contains the terms and definitions for important concepts in the Active Correlation Technology.

ACT
See Active Correlation Technology.
action
An expression that runs as part of a rule response or when a rule is loaded, unloaded, activated, or deactivated.
Active Correlation Technology
An IBM® technology that provides event correlation through rules.
Active Correlation Technology compiler
The Active Correlation Technology component that parses a rule set and any code that is contained within it to generate the internal data structures that are required by the Active Correlation Technology engine.
Active Correlation Technology engine
The Active Correlation Technology component that processes events according to the output of the Active Correlation Technology compiler.
Active Correlation Technology rule builder
A GUI for writing correlation rules in the Active Correlation Technology rule language.
Active Correlation Technology rule language
An XML-based language for writing rules to correlate events. These rules can then be deployed to Active Correlation Technology runtime environments.
Active Correlation Technology runtime environment
An application in which the Active Correlation Technology engine is embedded, with or without the compiler.
collection pattern
A rule pattern that defines a rule to collect a group of selected events within a time interval. A rule that is defined by the collection pattern is a stateful rule.
computation pattern
A rule pattern that defines a rule to apply a computation (through an expression) to collected events as each event is received within a time interval. A rule that is defined by the computation pattern is a stateful rule.
domain
The category to which a group of rules apply based on their function. For example, a domain can represent a specific geographic area, IT management discipline (such as security detection or network event correlation), or business organization (such as a specific company or division with a company).
duplicate pattern
A rule pattern that defines a rule to count the second and subsequent events that are accepted within the specified time interval but to skip the rule set processing for these events. A rule that is defined by the duplicate pattern is a stateful rule.
event provider
Any software that generates events that are processed by the Active Correlation Technology.
event selector
The criteria for event selection. These criteria determine what events are accepted for processing by a rule. The event selector includes the event type and the filtering predicate.
expression
Code that contains custom logic that can be added to a rule. Rule writers can use expressions for different purposes, such as the initialization of variables, the definition of event selection criteria, or the specification of rule response actions and life cycle actions.
expression language
The programming language in which an expression is written.
external event
An event that the Active Correlation Technology engine receives from a source that is external to it.
external object
An object that an application creates to communicate with expressions.
filtering predicate
An expression that defines the condition under which an event is accepted for processing by a rule. The filtering predicate is a part of an event selector. A filtering predicate returns a boolean value.
filter pattern
A rule pattern that defines a rule to take a certain action when it accepts an event. A rule that is defined by the filter pattern acts only on a single event and is therefore a stateless rule.
grouping key
A method for directing a rule to create a separate rule instance (or copy of itself) for each group of events that share common characteristics.
import
A programming language-specific way to make external code accessible to expressions.
internal event
An event that is created by a rule that is running in the Active Correlation Technology engine. This event might be forwarded to other rules.
life cycle action
An expression that runs when a rule is loaded, unloaded, activated, or deactivated.
node
An object within the rule hierarchy that can be individually and independently added to, removed from, or replaced within a rule set. Specifically, these objects are nodes:
  • Rules
  • Rule blocks
  • Rule block variables
  • Rule set variables
Because an object cannot be operated on individually and independently below the rule level, a rule variable is not a node.
predicate
See filtering predicate.
response
See rule response.
rule
The correlation unit that is used to recognize relationships among events and to run appropriate rule responses. A rule is an implementation of one of seven rule patterns and is organized, according to its function, into a rule block that is part of a rule set. A rule accepts an event for processing if the event meets the event selection criteria.
rule block
The organizational unit for grouping rules by function into domains within the rule set. A rule block can contain not only rules but also other rule blocks.
rule instance
In the context of the grouping key, a copy of a rule.
rule pattern
The representation of an event correlation situation (such as a threshold condition or duplicate event detection). The Active Correlation Technology rule language includes the following rule patterns: collection, computation, duplicate, filter, sequence, threshold, and timer. The pattern of a rule is matched when the situation that is defined by the rule occurs. When the pattern is matched, the rule concludes its processing by taking the appropriate rule response actions. While a rule is active, the rule pattern can be matched multiple times.
rule response
An expression that is run when the Active Correlation Technology engine recognizes that a rule condition has been met. A rule response consists of one or more actions.
rule response action
See action.
rule set
The rule execution unit for the Active Correlation Technology rule language. The rule set contains the rules, organized into rule blocks, to be executed by the Active Correlation Technology engine. The engine acts on only one rule set at a given time.
sequence pattern
A rule pattern that defines a rule to detect the presence or absence of a certain sequence of events within a time interval. The sequence can be ordered or random. A rule that is defined by the sequence pattern is a stateful rule.
snippet
An excerpt of source code.
stateful rule
A rule that retains state information, which is information about the characteristics of a rule instance, for the purpose of acting on a collection of events over a period of time. Rules that are defined by any of the following rule patterns are stateful rules: collection, computation, duplicate, sequence, threshold, or timer.
stateless rule
A rule that does not retain state information and therefore can act only on one event at a time. A rule that is defined by the filter pattern is a stateless rule.
threshold pattern
A rule pattern that defines a rule to collect a group of selected events within a time interval and to determine, after each event is received, whether a threshold condition has been met. A rule that is defined by the threshold pattern is a stateful rule.
timer pattern
A rule pattern that defines a rule to initiate actions at regular intervals. A rule that is defined by the timer pattern is a stateful rule. Although a timer rule does not process events, it can be activated or deactivated by an event.