Correlation refers to the relationship that exists between two data sources A and B: when behavior X is observed on A, behavior Y is expected to be observed on B. Genetec Citigraf™ operates on the basis of these correlations to find relevant information to assist the public safety responders.
What is a data source?
A data source in Genetec Citigraf™ is an external data provider that can be queried for specific types of information. The integration of the external data provider to Security Center is handled by a plugin role. Typical data sources used in Genetec Citigraf™ are computer-aided dispatch (CAD) systems, geographic information systems (GIS), record management systems (RMS), and so on.
What is an alert?
Some data sources can be event-driven, in which case they are called alerts. Alerts are notifications about time-sensitive events related to public safety, occurring at specific locations.
How is correlation used in Genetec Citigraf™?
- Basic correlation
- Basic correlation in Genetec Citigraf™ is the search for information related to an
alert, based on two criteria: time window prior to the alert time, and radius around the
alert location.
Basic correlation is applied when a user asks for more information about an alert they received in Security Desk, by double-clicking an alert in the alert tray. The system opens an Alert details task, in which it displays all information found within the time window and radius specified by the user, in relationship to the timestamp and location of the alert. The user can then narrow down the results by searching for keywords or tags found in the alert.
- Advanced correlation
- Advanced correlation in Genetec Citigraf™ uses correlation rules to find
relevant information about an alert.
A correlation rule is a set of user-defined data queries based on a correlation hypothesis. When alerts are received in Genetec Citigraf™, the correlation rules are automatically matched against the available data sources to validate the hypothesis. When a match is found (called a hit), a new alert is generated.
For example, if you suspect that most sexual assaults are perpetrated by repeat offenders, then when a CAD call comes in regarding a sexual assault, you would search through the criminal records of past sex offenders. You would also check whether there are any sex offenders on parole who happen to live near the crime scene. You can capture all this in a correlation rule and let the system alert you if it finds a match.
Who does what in Genetec Citigraf™?
- Correlation Service
- The Correlation Service is the central role that acts as the information hub in the Genetec Citigraf™ system. All correlation requests go through this role, which then queries the data sources through their corresponding plugin roles. The Correlation Service is also responsible for distributing the advanced correlation work, the processing of correlation rules, among the Correlation Rules Engine roles in the system. You only need one Correlation Service role per system.
- Correlation Rules Engine
- The Correlation Rules Engine role (rules engine in short) is the role dedicated to the processing of correlation rules in Genetec Citigraf™. If you have many complex correlation rules in your system, you can create multiple rules engines and host them on different expansion servers to distribute the workload.