6.2 Alert Creation

Matches are converted into alerts by the Alert Creator processes. These processes are part of the Behavior Detection subsystem.

The system uses two types of Alert Creator jobs:
  • Multi-match Alert Creator: Generates alerts for matches that share a common focus, are from scenarios in the same scenario group, and possibly share other common attributes. Each focus type has a separate job template.
  • Single-match Alert Creator: Generates one alert per match.

Note:

The KDD_JRSDCN table is empty after system initialization and must be populated before the system can operate. If a new jurisdiction is to be added, it should be added to the KDD_JRSDCN table.

Running the Alert Creation Job

The Alert Creator is part of the Behavior Detection subsystem. Behavior Detection provides default job templates and job template groups for running Alert Creator. These jobs can be modified using Administration Tools. Refer to the Administration Tools User Guide for more information.

The following sections describe running each type of Alert Creator.

Run Multi-match Alert Creator

To run the multi-match Alert Creator, follow these steps:

  1. Verify that the dispatcher is running.
  2. Run the start_mantas.sh script as follows:
       start_mantas.sh 502
     where 502 is the job template that Behavior Detection provides to run the Alert Creator algorithm.

Run Single-match Alert Creator

To run the single-match Alert Creator, follow these steps:

  1. Verify that the dispatcher is running.
  2. Run the start_mantas.sh script as follows:
       start_mantas.sh 503
     where 503 is the job template that Behavior Detection provides to run the Alert Creator algorithm.