Sequence Patterns
Sequence patterns search through one or more datasets to identify instances of a behavior of interest. When a sequence pattern searches through records, it creates a match state each time it finds a record that satisfies the initial condition specified in the pattern. The detection engine must hold this event in memory as it searches through additional records to verify whether the remaining conditions in the pattern are satisfied. The following factors drive pattern performance:
- Total number of records through which the pattern must search, based on the size of the datasets it is using.
- Number of match states (that is, partial matches) that it creates in the course of a run.
- Number of match states that the pattern must hold in memory simultaneously. This is often a function of the amount of data that the pattern must search through after the initial event is identified to determine whether the remaining conditions are satisfied.
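The following is an added illustration, not the detection engine's own code: a minimal Python model of a two-step sequence pattern that reports the three performance drivers listed above. The record layout, the deposit and wire-out conditions, the 10000 threshold and the window values are assumptions constructed for the example.

```python
from collections import deque

# Constructed sample records: (timestamp, account, event_type, amount)
RECORDS = [
    (1, "A", "deposit", 12000), (3, "B", "deposit", 500),
    (4, "A", "wire_out", 11000), (5, "C", "deposit", 300),
    (7, "D", "deposit", 15000), (9, "E", "deposit", 9000),
    (10, "B", "wire_out", 450), (11, "E", "wire_out", 8900),
]

def run_sequence_pattern(records, is_initial, is_followup, window):
    """Match an initial record followed by a follow-up record on the same
    account within `window` time units, and report the performance drivers."""
    held = deque()  # match states (partial matches) currently held in memory
    stats = {"records_scanned": 0, "states_created": 0,
             "peak_states_held": 0, "matches": []}
    for rec in sorted(records):
        ts, account = rec[0], rec[1]
        stats["records_scanned"] += 1
        # Drop states whose window has lapsed; they can no longer complete.
        while held and ts - held[0][0] > window:
            held.popleft()
        if is_followup(rec):
            # Complete every held state for this account.
            for state in [s for s in held if s[1] == account]:
                stats["matches"].append((state[0], ts, account))
                held.remove(state)
        elif is_initial(rec):
            # Initial condition satisfied: create a new match state.
            held.append((ts, account))
            stats["states_created"] += 1
            stats["peak_states_held"] = max(stats["peak_states_held"], len(held))
    return stats

# Hypothetical conditions used only for this example.
any_deposit = lambda r: r[2] == "deposit"
large_deposit = lambda r: r[2] == "deposit" and r[3] >= 10000
wire_out = lambda r: r[2] == "wire_out"

if __name__ == "__main__":
    for label, initial, window in [("any deposit, window 10", any_deposit, 10),
                                   ("any deposit, window 2", any_deposit, 2),
                                   ("large deposit, window 10", large_deposit, 10)]:
        print(label, run_sequence_pattern(RECORDS, initial, wire_out, window))
```

All three runs scan the same eight records. Shortening the window lowers the number of match states held at once, while a more selective initial condition lowers the number of match states created.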