6.3 Alert Creation

The Alert Creator processes convert matches into events. These processes are part of the Behavior Detection subsystem.

The system uses two types of Alert Creator jobs:
  • Multi-match Alert Creator: Generates events for matches that share a common focus, are from scenarios in the same scenario group, and possibly share other common attributes. Each focus type has a separate job template.
  • Single-match Alert Creator: Generates one event per match.

    Note:

    The KDD_JRSDCN table is empty after system initialization and must be populated before the system can operate. If a new jurisdiction is to be added, it should be added to the KDD_JRSDCN table.