7.1 About Post-Processing

During post-processing of ingested data, Behavior Detection prepares the detection results for presentation to users.

Preparation of the results depends upon the following processes:

  • Augmentation: Collects information for pattern detection that may be required for proper display or analysis of these results.

    Note:

    The Match Augmentation process is no longer explicitly run as a separate job. It is automatically executed at the end of each scenario run.
  • : Packages the scenario matches as units of work (that is, alerts), potentially grouping similar matches together, for disposition by end users.
  • Batch Execution of CTR: The CTR Batch should be executed every day after the alert creation job is run.

Order of Running Post-Processing Administrative Tasks

Run the post-processing administrative tasks in this order: