2.3 Operations

As the OFSBD administrator, you coordinate the overall operations of OFSBD: Data Management, Behavior Detection, and Post-Processing.

In a production environment, an Oracle client typically establishes a processing cycle to identify occurrences of behaviors of interest (that is, scenarios) at a specific frequency. Each cycle of OFSBD process begins with Data Management, Behavior Detection, and Post-Processing, which prepares the detection results for presentation for the users. Several factors determine specific scheduling of these processing cycles, including availability of data and the nature of the behavior that the system is to detect. The following sections describe each of the major steps in a typical production processing cycle:
  • Start Batch
  • Managing Data
  • Behavior Detection
  • Post-Processing
  • End Batch

Start Batch

Using the Batch Control Utility, you can manage the beginning of the OFSBD batch process (see Managing Batch Processing Utilities for more information).

Managing Data

The OFSBD Ingestion Manager controls the Data Management process. The Data Interface Specification (DIS) contains specific definition of the types and format of business data that can be accepted for ingestion. The Ingestion Manager supports files and messages for the ingestion of data. Data Management involves receiving source data from an external data source in one of these forms. The Ingestion Manager validates this data against the DIS, applies required derivations and aggregations, and populates the OFSBD database with the results (see Managing Data for more information).

Behavior Detection

During Behavior Detection, OFSBD Algorithms control the scenario detection process. The Detection Algorithms search for events and behaviors of interest in the ingested data in the FSDM. Upon identification of an event or behavior of interest, the algorithms record a match in the database.

OFSBD executes the following processes in this order to find and record scenario matches:
  1. The system populates temporary tables in the database; some scenarios depend on these tables for performance reasons.
  2. A network creation process generates and characterizes networks, filtering the links that the system evaluates in the construction of these networks. This is only relevant for certain scenarios.
  3. A match is created by executing scenarios. These scenarios are used to detect the behaviors of interest that correspond to patterns or the occurrences of prespecified conditions in business data. The process also records additional data that the analysis of each match may require.

Post-Processing

During post-processing of detection results, Behavior Detection prepares the detection results for presentation to users. Preparation of the results depends upon the following processes:
  • Match Scoring: Computes a ranking for scenario matches indicating a degree of risk associated with the detected event or behavior.
  • Alert Creation: Packages the scenario matches as units of work (that is, alerts), potentially grouping similar matches together, for disposition by end users. This is applicable when multiple matches with distinct scores are grouped into a single alert.
  • Update Alert Financial Data: Records additional data for alerts such as the related Investment Advisor or Security involved in the alert which may be useful for display and analysis.
  • Alert Assignment: Determines the user or group of users responsible for handling each alert.
  • Auto-Close: Based on configurable rules, closes alerts which are considered to be of lower priority based on attributes of the alert or the alert focus.
  • Highlight Generation: Generates highlights for alerts that appear in the alert list in the Alert Viewer subsystem and stores them in the database.
  • Historical Data Copy: Identifies the records against which the current batch's scenario runs generated alerts and copies them to archive tables. This allows for the display of a snapshot of information as of the time the alert behavior was detected.
  • Alert Notification: Sends e-mail to assignees about the alerts that are assigned to them.

End Batch

The system ends batch processing when processing of data from the Oracle client is complete (see Ending a Batch Process, for more information). The Alert & Case Management subsystem then controls the alert and case management processes. See Alert Viewer User Guide for more information.