Sequence Scenario Design Tips

The following tips can be helpful when working with scenarios:

• Select an unusual occurrence to serve as the initial event in a pattern whenever possible. Doing this reduces the number of match states (partial matches) that are created during a run.
• Limit the rows retrieved in the datasets used by a pattern. Specifically, if certain records cannot satisfy the pattern criteria, apply logic to filter them out up-front. If certain detection conditions can be checked in the dataset, it is generally more efficient to allow the database to filter them out rather than applying this logic in the pattern. It is also helpful to determine the appropriate lookback period range that is necessary to identify the behaviors of interest. Thus, the patterns do not look through a larger volume of historical data than is really necessary.
• Use dataset sorting to the maximum extent possible. To optimize performance, sort records that are used together to form an alert into adjacent positions in the dataset. For example, if a pattern is looking for a behavior within one account, sort the datasets it uses so that the records are clustered together by account. Doing this minimizes the volume of data through which the pattern must search to find a match, and reduces the number of partial matches that are held in memory at any one time.

For more information about guidelines and design tips see Scenario Design Guidelines.