Abstract:
We describe a distributed reasoning system called Otto-Mate. Otto-Mate provides a variety of built-in agents: agents that make it easy to ingest events from logs and add-on tools, response agents that implement responses, and reasoner agents that can reason about situations. All of these capabilities are connected using a popular agent framework, enhanced with a few additional security features. Reasoning agents in Otto-Mate implement a form of situational reasoning, related to case-based reasoning, and the facts in a reasoner's working memory can be synchronized across multiple reasoners. This allows the implementation of parallel distributed reasoning algorithms that can detect event patterns irrespective of whether the events occur locally or remotely. Distributing the reasoning avoids a single point of failure for the monitoring system and makes the system much more robust and survivable.