Thursday, March 13, 2008

SCE JavaScript Action

The State Based Correlation Engine (SCE) is a powerful tool for filtering TEC events and applying simple correlation rules to them before TEC rules are applied, but a major deficiency is the lack of a general-purpose action for manipulating events. To manipulate events in ways other than the simple methods provided by the supplied actions, one had to develop a new Java class.

Presented here is a general-purpose SCE action that embeds the Rhino JavaScript engine, enabling the use of JavaScript programs to manipulate events.

The SCE JavaScript custom action can be downloaded here.

Key features include:


  • Add, delete, and modify event attributes (slots)
  • Change event class (type)
  • Generate new events
  • Discard events
  • JavaScript regular expressions
  • Automatic conversion of Prolog list types to JavaScript arrays and back
  • Forward events to other SCE rules
  • Access SCE variables
  • Get and set SCE rule properties
  • Rhino Live Connect to access native Java objects such as JDBC
  • Optional mapping of event attributes to JavaScript properties of an Event object


The README file contains examples of event flood detection and handling and JDBC (MySQL) event enrichment using Rhino's Live Connect feature.
