Skip to main content
An Aggregate is a powerful, stateful function that performs a calculation over a specified time window. This is the key to detecting sophisticated fraud patterns that occur over multiple transactions. Aggregates are highly optimised; the engine pre-calculates them to ensure low-latency evaluation. Structure & Examples: The time window is defined using the ISO 8601 duration format (e.g., PT1H for 1 hour, P7D for 7 days). count: Counts the number of transactions. Use Case: Detect rapid, repeated transactions.
sum: Calculates the sum of a numerical field. Use Case: Detect structuring or high-volume activity.