IM InfoSphere Identity Insight, Version 8.0

Event Manager

Event Manager extends the capabilities of IBM InfoSphere Identity Insight by combining near real-time event analysis and event monitoring with identity and relationship resolution. When enabled, Event Manager provides your organization with the ability to track business events and alert on suspicious events or events of interest, so that you can take the appropriate business action in a timely manner, to assist your organization in its fight against threat and fraud.

Because the threat and fraud scenarios are constantly changing, Event Manager provides you with the flexibility to define the types of events to track, and configure the business rules for processing events and generating event alerts. These rules are a set of criteria that Event Manager uses to determine how events are processed and what triggers an event alert. You configure the business rules, based on your business needs and scenarios.

You also decide what constitutes an event alert. Event alerts are not typically triggered by a single event, but by a series of complex events that all happen at different times, within different contexts. For example, you might define a business rule that aggregates money transfers by customer over a given time period, and generates an alert if the total amount exceeds the legal limit. Or you might define a business rule that alerts you when two credit card purchases using the same credit card number occur within the same hour at locations more than 200 miles apart.

How event processing works

The Event Manager feature of IBM InfoSphere Identity Insight works with the IBM Active Middlewaretm Technology complex event processor, which consists of two parts: the CEP engine and the EclipseTM-based Rule Author tool. You configure the business rules for events and event alerts in the Rule Author tool, then export that configuration as the CEP.XML file. After you enable Event Manager, whenever the pipeline detects incoming UMF data formatted using the EVENT data segment, the pipeline processes the data for identity resolution and then passes on the processed data to the CEP engine. The CEP engine processes the event data against the event business rules configured in the CEP.XML file, and returns the decision information back to the IBM InfoSphere Identity Insight pipeline, where the event information is stored in the entity database. If there are event alerts associated with an event or combination of events, you can configure Event Manager to display those event alerts in the Visualizer or another visualizer tool for further analysis and disposition.

You can also configure your client application so that the CEP engine can return immediate decisions to the client application, providing your organizational representatives with on-the-spot information. For example, the CEP engine could immediately alert your customer service representatives to stop a transaction, such as a wire transfer that would exceed the legal dollar limit allowed for a customer to transfer within a 24-hour time period.



Feedback

Last updated: 2011