Define an analytics specification to detect anomalous physical access patterns across [Facilities] using data from [DataSources]. Prioritise KPIs such as [KPI1] and establish alert thresholds (e.g., [Threshold]). Include rules for tailgating proxies (impossible travel, after-hours multi-entry, piggyback probability), dormant badge reactivation, and access outside assigned profiles.
Output format:
Metrics dictionary (Markdown table): Metric | Definition | Calculation | Owner | Review Cadence.
Detection rules with SQL-like pseudocode (code block).
Alerting matrix (Markdown): Severity | Trigger | Channel | SLA | On-Call.
Dashboard wireframe description (bulleted) and required filters/timeframes [Timeframe].
Privacy & minimisation checklist for [PrivacyOfficer] sign-off.
Incorporate model performance feedback loop (precision/recall targets) and evidence capture for investigations.