Friend and colleague Don Adams, CTO World Wide Public Sector, TIBCO Software, explains how CEP can be used to sense, adapt and respond to complex situations in The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architecture in Defense.
One of the benefits of working in different countries is getting perspectives on various clients’ event processing problems. Of interest to event processing professionals, companies are moving away from expensive software solutions and increasingly experimenting with economical and open software packages to solve complex problems.
Recently, I was talking with a client about their experience with commercial security event management (SEM) solutions, for example ArcSight. In his opinion, ArcSight was not an economically viable solution for his company, so he recommended I take a look at Open Service Event Management (OSEM).
OSEM helps organizations collect, filter, and send problem reports for supported systems (ProLiant and Integrity) running compatible agents. OSEM automatically sends service event notifications when system problems are detected.
I have not had a chance to look under the hood of OSEM and see how it can be used to collect and send events to emerging rule-based event processing engines. However, this looks like an interesting lab project and I would like to hear from readers who have experimented with this systems architecture.
Although it is not quite ready for prime time, we have been testing our home-grown UNIX domain socket adapter using Coral8 Java APIs. We are using this adapter to evaluate and demonstrate event stream processing with intrusion detection systems (IDS): reducing false alarms, detecting derived situations from the raw intrusion event data, and feeding a security management visualization dashboard.
You can click on the teaser image below to see more of our first IDS screenshots from Coral8’s Studio stream visualization tool.
If you click on the image above, you will see four additional event stream properties. For this part of the demo, there are 14 total IDS properties in the event stream, but we only show 5 properties in this cropped screen capture.
I am quite sure that we could do similar integration with other event stream processing engines, but fortunately Coral8 makes it easy to download, start developing and testing.
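The adapter idea described above, sketched as an added example in Python rather than with the Coral8 Java APIs (it is not the adapter from this post): it reads IDS events from a UNIX domain socket, suppresses repeated alarms inside a time window, and emits a derived situation when one source trips several distinct signatures. The `ts,src,signature` record format, the 60-second window, the threshold of three signatures and the sample events are all assumptions constructed for illustration.

```python
import os, socket, tempfile
from collections import defaultdict, deque

WINDOW, MIN_SIGS = 60.0, 3   # assumed: 60 s window, 3 distinct signatures
SAMPLE = [                   # constructed "ts,src,signature" records
    "0.0,192.0.2.5,ICMP ping", "1.0,192.0.2.5,ICMP ping",
    "5.0,192.0.2.9,SSH banner", "10.0,192.0.2.5,TCP portscan",
    "12.0,192.0.2.5,SMB probe", "70.0,192.0.2.5,ICMP ping",
]

def read_events(srv):
    """Adapter: accept one sensor connection and yield (ts, src, sig)."""
    conn, _ = srv.accept()
    with conn, conn.makefile("r") as stream:
        for line in stream:
            ts, src, sig = line.rstrip("\n").split(",", 2)
            yield float(ts), src, sig

def correlate(events):
    """Drop repeats of (src, sig) inside WINDOW; add a derived event when a
    source has exactly MIN_SIGS distinct signatures inside WINDOW."""
    last_seen, recent, out = {}, defaultdict(deque), []
    for ts, src, sig in events:
        if ts - last_seen.get((src, sig), float("-inf")) < WINDOW:
            continue                      # duplicate alarm, suppressed
        last_seen[(src, sig)] = ts
        out.append(("alert", src, sig))
        q = recent[src]
        q.append((ts, sig))
        while ts - q[0][0] >= WINDOW:     # expire entries older than WINDOW
            q.popleft()
        if len({s for _, s in q}) == MIN_SIGS:
            out.append(("derived", src, "multi-signature"))
    return out

def run_demo():
    with tempfile.TemporaryDirectory() as d, \
         socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(os.path.join(d, "ids.sock"))
        srv.listen(1)
        # Stand-in for the IDS process; the small payload fits the socket buffer.
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
            c.connect(srv.getsockname())
            c.sendall(("\n".join(SAMPLE) + "\n").encode())
        return correlate(read_events(srv))

if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

Six raw events become five forwarded alerts plus one derived event; the repeated ping at 1.0 s is dropped, while the ping at 70.0 s is forwarded again because it falls outside the window.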
Marc Adler shows why his musings are rapidly becoming one of my “must read” blogs in his post, CEP Vendors and the Ecosystem.
We have been making similar points in the event processing blogosphere, namely the importance of adapters and analytics. Today, event processing vendors are surprisingly weak in both areas.
For one thing, there was way too much emphasis on rules-based analytics in 2007. Where are the rest of the plug-and-play commercial analytics end users need for event processing??
And another thing….. 🙂
Why are there so few choices of adapters and why do we have to write our own??
Sometimes I think that if I read another press release on 500,000 events per second I’m going to shout out – the event processing software on the market today cannot even connect to a simple UNIX domain socket out-of-the-box, so how about ZERO events per second!
The bottom line is that the market is still wide open for a software vendor to come to the party with a wide array of plug-and-play, grab-and-go, adapters and analytics.
Folks are talking COTS, but more often it is NOTS.