Simple Event Correlator - Best Practices for Creating Scalable Configurations

During the past two decades, event correlation has emerged as a prominent monitoring technique, and is essential for achieving better situational awareness. Since its introduction in 2001 by one of the authors of this paper, Simple Event Correlator (SEC) has become a widely used open source event correlation tool. During the last decade, a number of papers have been published that describe the use of SEC in various environments. However, recent SEC versions have introduced a number of novel features not discussed in existing works. This paper fills this gap and provides an up-to-date coverage of best practices for creating scalable SEC configurations.