https://communities.sas.com/t5/Fraud-AML-and-Security/Email-Notification-as-a-part-of-AGP-in-SAS-VI-10-6/m-p/642043#M548 <P>Hi Dishen,</P> <P>&nbsp;</P> <P>The alert data model in VI separates the incoming "events" that need to be investigated from the alert "work item". The events are basically immutable - they get recorded when they arrive. When an alerting event arrives, the system will check if there is an alert or not. If there is no alert, one is created. If there is an alert, it is updated based on information in the new event. The score may change, the alert may be routed to a different queue, etc. We maintain a complete audit trail of changes that are made to the alert over time.</P> <P>&nbsp;</P> <P>In your situation, I think the easiest thing for you to do is query the svi_alerts.tdc_alerting_event table. You can use the created_dttm column to find all the new alerting events that were generated by scenario administrator. (Depending on your configuration, you may also want to filter on domain_id if the deployment includes multiple alerting domains.)</P> <P>&nbsp;</P> <P>Since you were talking about ETL, I was using "sql terminology". This information is also accessible via REST call. That would look something like this:</P> <P>&nbsp;</P> <DIV> <DIV><SPAN>/svi-alert/alertingEvents?filter=gt(creationTimeStamp,2020-04-22) or&nbsp;</SPAN></DIV> <DIV> <DIV> <DIV><SPAN>/svi-alert/alertingEvents?filter=and(eq(domainId,svidomain),gt(creationTimeStamp,2020-04-22))</SPAN></DIV> </DIV> </DIV> </DIV> <P>&nbsp;</P> <P>You can learn more about the alert data model by reading Chapter 2 of the SAS® Visual Investigator 10.6: User’s Guide, "Performing Alert-Based Investigations", and Chapter 16 of the&nbsp;SAS® Visual Investigator 10.6: Administrator’s Guide, "Alert Scorecards".</P> Wed, 22 Apr 2020 18:15:59 GMT _austin_ 2020-04-22T18:15:59Z https://communities.sas.com/t5/Fraud-AML-and-Security/Email-Notification-as-a-part-of-AGP-in-SAS-VI-10-6/m-p/641554#M543 <P>Hello all,&nbsp;</P><P>&nbsp;</P><P>Our requirement is to send email notifications when an alert is generated using SAS VI 10.6.&nbsp;</P><P>As Scenario Administrator does not help with sending email notifications, can we as an approach take data from the 'alert' table from the underlying data model, once the alert is generated, and then send email notifications by developing an ETL job basis the data retrieved.</P><P>If the above is recommended, can someone help with the understanding of the VI data model.&nbsp;</P><P>&nbsp;</P><P>Thank you,</P><P>Dishen Pancholi</P><P>SAS Fraud and Risk (Senior Consultant)</P><P>Global Fraud Analytics CoE</P> Tue, 21 Apr 2020 09:38:25 GMT https://communities.sas.com/t5/Fraud-AML-and-Security/Email-Notification-as-a-part-of-AGP-in-SAS-VI-10-6/m-p/641554#M543 dishen_pancholi 2020-04-21T09:38:25Z https://communities.sas.com/t5/Fraud-AML-and-Security/Email-Notification-as-a-part-of-AGP-in-SAS-VI-10-6/m-p/642043#M548 <P>Hi Dishen,</P> <P>&nbsp;</P> <P>The alert data model in VI separates the incoming "events" that need to be investigated from the alert "work item". The events are basically immutable - they get recorded when they arrive. When an alerting event arrives, the system will check if there is an alert or not. If there is no alert, one is created. If there is an alert, it is updated based on information in the new event. The score may change, the alert may be routed to a different queue, etc. We maintain a complete audit trail of changes that are made to the alert over time.</P> <P>&nbsp;</P> <P>In your situation, I think the easiest thing for you to do is query the svi_alerts.tdc_alerting_event table. You can use the created_dttm column to find all the new alerting events that were generated by scenario administrator. (Depending on your configuration, you may also want to filter on domain_id if the deployment includes multiple alerting domains.)</P> <P>&nbsp;</P> <P>Since you were talking about ETL, I was using "sql terminology". This information is also accessible via REST call. That would look something like this:</P> <P>&nbsp;</P> <DIV> <DIV><SPAN>/svi-alert/alertingEvents?filter=gt(creationTimeStamp,2020-04-22) or&nbsp;</SPAN></DIV> <DIV> <DIV> <DIV><SPAN>/svi-alert/alertingEvents?filter=and(eq(domainId,svidomain),gt(creationTimeStamp,2020-04-22))</SPAN></DIV> </DIV> </DIV> </DIV> <P>&nbsp;</P> <P>You can learn more about the alert data model by reading Chapter 2 of the SAS® Visual Investigator 10.6: User’s Guide, "Performing Alert-Based Investigations", and Chapter 16 of the&nbsp;SAS® Visual Investigator 10.6: Administrator’s Guide, "Alert Scorecards".</P> Wed, 22 Apr 2020 18:15:59 GMT https://communities.sas.com/t5/Fraud-AML-and-Security/Email-Notification-as-a-part-of-AGP-in-SAS-VI-10-6/m-p/642043#M548 _austin_ 2020-04-22T18:15:59Z