Event rules are a set of business rules that determine how incoming event records are processed by the complex event processing (CEP) engine, and what type of event response (such as an event alert) is returned to the pipeline and the client application. You configure event rules in the Eclipse-basedtm complex event processing Rule Author tool. Event rules are grouped under a CEP project and exported into an event rules file named cep.xml.
You configure event rules to return information and alerts based on items of interest to your organization or analysts. Event rules can be configured to alert on the data from a single incoming event record. But most event rules group a collection of complex event data and trigger an alert after a particular threshold or condition is met.
In the Rule Author tool, event business rules are called situations. For more information, refer to CEP terminology.
Common event rules contain summing or counting functions. For example, you can configure an event rule to generate an event alert when any entity wires more than $15,000 U.S. dollars in a 24-hour time period.