GP.Facilities Monitoring

Realizations of this Pattern can be used to monitor other facilities for noteworthy events. This kind of facility is often used to help Operations and Security personnel in their functions.

The Pattern has functionality to trigger reactive management actions, but it can also trigger events pro-actively if patterns of suspect behaviour or suspect state are supplied to the Rules Engine. Therefore, this Pattern covers many use cases, among others:
 * Centralized log services, that allow (automated or manual) inspection of system event logs.
 * Central system monitoring services, that provide status information to their users, be they infrastructure administrators and/or service managers.
 * Security Incident and Event Monitoring (SIEM) systems, that can alert when a security incident occurs, and report on the security state of the connected facilities.
 * Intrusion Detection Systems (IDS), that monitor network or system activities for suspect or malicious activities or policy violations. To this end, the Filtering function of the Pattern is implemented in each facility that's being guarded, to scan the streaming data in those facilities. It is the job of the Rules Engine to match the normalized data with patterns that are identified as suspect or malicious.
 * Intrusion Prevention Systems (IPS), that work like IDS systems, but are also capable of shutting down the data streams and/or other activities in the guarded facilities if a suspicious activity or policy violation is detected. Note that in this case the Filtering function does not only provide the Pattern with the information needed to determine intrusion; it also directly interacts with the guarded facility. If an IPS takes more elaborate actions, then you may have to augment this Pattern with matching Generic Functions.
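
The IDS and IPS use cases above can be sketched as follows. This is an added example, not part of the original Pattern description: a Filtering function normalizes raw facility data, and a Rules Engine matches the normalized events against one suspect pattern. The log format, the names filter_line, RulesEngine and run, the threshold and the window are all assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample lines from one guarded facility (not real log data).
RAW_LINES = [
    "2024-05-01T10:00:01Z facility=vpn-gw auth result=fail user=alice src=203.0.113.7",
    "2024-05-01T10:00:05Z facility=vpn-gw auth result=fail user=alice src=203.0.113.7",
    "2024-05-01T10:00:09Z facility=vpn-gw auth result=ok user=bob src=198.51.100.4",
    "heartbeat line that the filter drops",
    "2024-05-01T10:00:12Z facility=vpn-gw auth result=fail user=root src=203.0.113.7",
    "2024-05-01T10:05:00Z facility=vpn-gw auth result=fail user=carol src=198.51.100.4",
]
LINE_RE = re.compile(r"^(?P<ts>\S+) facility=(?P<facility>\S+) auth "
                     r"result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$")

def filter_line(line):
    """Filtering function: normalize one raw line, or return None if irrelevant."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev

class RulesEngine:
    """Suspect pattern: `threshold` failed logins from one source within `window`."""
    def __init__(self, threshold=3, window=timedelta(seconds=60), on_match=None):
        self.threshold, self.window = threshold, window
        self.on_match = on_match  # None = IDS (alert only); callable = IPS action
        self.failures, self.alerts = defaultdict(deque), []

    def feed(self, ev):
        if ev["result"] != "fail":
            return
        q = self.failures[ev["src"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > self.window:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.threshold:
            self.alerts.append((ev["facility"], ev["src"], len(q)))
            if self.on_match:  # IPS: act on the guarded facility
                self.on_match(ev["facility"], ev["src"])
            q.clear()  # do not re-alert on the same burst

def run(lines, on_match=None):
    engine = RulesEngine(on_match=on_match)
    for ev in filter(None, map(filter_line, lines)):
        engine.feed(ev)
    return engine.alerts
```

Calling run(RAW_LINES) behaves as an IDS and only returns alerts; passing an on_match callback models the IPS case, where a match also triggers an action in the guarded facility.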