...
When a synthesis rule creates a new event, first the contents of the most recent triggering event are copied over. Then the event name is set to the name given in the rule, an audit trail of triggering events is added (by adding the properties nodes and eventids), the event is marked as synthetic, and finally any enrichment entries from the rule are added in.
Please note that synthetic events are not stateful events, i.e. they are not subject to deduplication and they cannot be acknowledged (or 'closed') by any future 'opposite' event.
Event Processing
At this point the new event is inserted into the database, and is ready for further action processing. This action processing (e.g. escalation, mail notification, custom logging) is performed immediately.
...