Rule Patterns

The rule matcher detection tool searches large datasets to identify situations of interest, either based on an individual occurrence of a particular event or an aggregate analysis of the activity that a particular entity performs. The rule matcher can search across multiple datasets for the presence or absence of particular events. The tool can access data incrementally, retrieving records for only those entities that satisfied the conditions specified earlier in the pattern.

The following drive the performance of rule patterns:

• Amount of time required for retrieving records from the pattern’s primary dataset.
• Total number of datasets that the pattern uses.
• In order to avoid accessing unnecessary data records, the pattern can eliminate cases from consideration early in the pattern.