diff --git a/.github/ISSUE_TEMPLATE/01_bug_report.md b/.github/ISSUE_TEMPLATE/01_bug_report.md
new file mode 100644
index 0000000..8495c6c
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/01_bug_report.md
@@ -0,0 +1,21 @@
+---
+name: 🐜 Bug report
+about: If something isn't working 🔧
+---
+
+### Subject of the issue
+Describe your issue here.
+
+### Your environment
+* Version of detectmate
+* Version of python
+* Docker or manual installation?
+
+### Steps to reproduce
+Tell us how to reproduce this issue.
+
+### Expected behaviour
+Tell us what should happen
+
+### Actual behaviour
+Tell us what happens instead
diff --git a/.github/ISSUE_TEMPLATE/02_feature_request.md b/.github/ISSUE_TEMPLATE/02_feature_request.md
new file mode 100644
index 0000000..442b05c
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/02_feature_request.md
@@ -0,0 +1,20 @@
+---
+name: 🚀 Feature request
+about: If you have a feature request 💡
+---
+
+**Context**
+
+What are you trying to do and how would you want to do it differently? Is it something you currently you cannot do? Is this related to an issue/problem?
+
+**Alternatives**
+
+Can you achieve the same result doing it in an alternative way? Is the alternative considerable?
+
+**Has the feature been requested before?**
+
+Please provide a link to the issue.
+
+**If the feature request is approved, would you be willing to submit a PR?**
+
+Yes / No _(Help can be provided if you need assistance submitting a PR)_
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..3ba13e0
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
+blank_issues_enabled: false
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..53dec30
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,19 @@
+# Task
+<!-- Please add link a relevant issue or task -->
+
+# Description
+<!-- Please include a summary of the change -->
+<!-- Any details that you think are important to review this PR? -->
+<!-- Are there other PRs related to this one? -->
+
+# How Has This Been Tested?
+<!-- Please describe how you tested your changes -->
+
+# Checklist
+<!-- Go over all the following points, and put an `x` in all the boxes that apply -->
+
+- [ ] This Pull-Request goes to the **development** branch.
+- [ ] I have successfully run prek locally.
+- [ ] I have added tests to cover my changes.
+- [ ] I have linked the issue-id to the task-description.
+- [ ] I have performed a self-review of my own code.
diff --git a/.gitignore b/.gitignore
index 3113ce1..b0a557c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -199,3 +199,6 @@ cython_debug/
 local/
 test.ipynb
 test.py
+
+# claude code
+CLAUDE.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..e7cbac5
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,32 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :white_check_mark: |
+| < 1.0.0   | :x:                |
+
+> [!IMPORTANT]
+> Currently DetectMateService is a work in progress and heavily under development. Possible vulnerabilities will not be treated any special and can be issued using [GitHub-Issues](https://github.com/ait-detectmate/DetectMateService/issues)
+
+## Reporting a Vulnerability
+
+Please email reports about any security related issues you find to aecid@ait.ac.at. This mail is delivered to a small developer team. Your email will be acknowledged within one business day, and you'll receive a more detailed response to your email within 7 days indicating the next steps in handling your report.
+
+Please use a descriptive subject line for your report email. After the initial reply to your report, our team will endeavor to keep you informed of the progress being made towards a fix and announcement.
+
+In addition, please include the following information along with your report:
+
+* Your name and affiliation (if any).
+* A description of the technical details of the vulnerabilities. It is very important to let us know how we can reproduce your findings.
+* An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This will help us evaluate your report quickly, especially if the issue is complex.
+* Whether this vulnerability public or known to third parties. If it is, please provide details.
+* Whether we could mention your name in the changelogs.
+
+Once an issue is reported we use the following disclosure process:
+
+* When a report is received, we confirm the issue and determine its severity.
+* If we know of specific third-party services or software based on DetectMateService that require mitigation before publication, those projects will be notified.
+* Fixes are prepared for the last minor release of the latest major release.
+* Patch releases are published for all fixed released versions.
diff --git a/config/pipeline_config_default.yaml b/config/pipeline_config_default.yaml
index 0475495..4271752 100644
--- a/config/pipeline_config_default.yaml
+++ b/config/pipeline_config_default.yaml
@@ -68,8 +68,6 @@ detectors:
     NewValueComboDetector:
         method_type: new_value_combo_detector
         auto_config: False
-        params:
-            comb_size: 3
         events:
             1:
                 test:
diff --git a/docs/detectors.md b/docs/detectors.md
index 3366ab7..7625b9d 100644
--- a/docs/detectors.md
+++ b/docs/detectors.md
@@ -87,6 +87,7 @@ List of detectors:
 * [Random detector](detectors/random_detector.md): Generates random alerts.
 * [New Value](detectors/new_value.md): Detect new values in the variables in the logs.
 * [Combo Detector](detectors/combo.md): Detect new combination of variables in the logs.
+* [New Event](detectors/new_event.md): Detect new events in the variables in the logs.
 
 ## Configuration
 
@@ -192,7 +193,7 @@ The `set_configuration()` method queries the tracker results and generates the f
 def set_configuration(self):
     variables = {}
     for event_id, tracker in self.auto_conf_persistency.get_events_data().items():
-        stable_vars = tracker.get_variables_by_classification("STABLE")
+        stable_vars = tracker.get_features_by_classification("STABLE")
         variables[event_id] = stable_vars
 
     config_dict = generate_detector_config(
diff --git a/docs/detectors/combo.md b/docs/detectors/combo.md
index 0272668..1440167 100644
--- a/docs/detectors/combo.md
+++ b/docs/detectors/combo.md
@@ -18,7 +18,7 @@ detectors:
         method_type: new_value_combo_detector
         auto_config: False
         params:
-            comb_size: 3
+            max_combo_size: 3
         events:
             1:
                 test:
diff --git a/docs/detectors/new_event.md b/docs/detectors/new_event.md
new file mode 100644
index 0000000..946bdab
--- /dev/null
+++ b/docs/detectors/new_event.md
@@ -0,0 +1,7 @@
+TODO PAGE
+
+TODO: new_event_detector
+TODO: test_new_event_detector
+- Tests need to be reworked, just copied from new_value_detector
+
+TODO: pipeline_config_Default.yaml
diff --git a/src/detectmatelibrary/common/_config/_compile.py b/src/detectmatelibrary/common/_config/_compile.py
index 5a864e8..0f01d5d 100644
--- a/src/detectmatelibrary/common/_config/_compile.py
+++ b/src/detectmatelibrary/common/_config/_compile.py
@@ -142,7 +142,7 @@ def generate_detector_config(
         detector_name: Name of the detector, used as the base instance_id.
         method_type: Type of detection method (e.g., "new_value_detector").
         **additional_params: Additional parameters for the detector's params
-            dict (e.g., comb_size=3).
+            dict (e.g., max_combo_size=3).
 
     Returns:
         Dictionary with structure compatible with detector config classes.
@@ -162,7 +162,7 @@ def generate_detector_config(
                 variable_selection={1: [("username", "src_ip"), ("var_0", "var_1")]},
                 detector_name="MyDetector",
                 method_type="new_value_combo_detector",
-                comb_size=2,
+                max_combo_size=2,
             )
     """
     var_pattern = re.compile(r"^var_(\d+)$")
diff --git a/src/detectmatelibrary/common/_config/_formats.py b/src/detectmatelibrary/common/_config/_formats.py
index 564d5e5..dcee7e2 100644
--- a/src/detectmatelibrary/common/_config/_formats.py
+++ b/src/detectmatelibrary/common/_config/_formats.py
@@ -6,16 +6,17 @@
 
 # Sub-formats ********************************************************+
 class Variable(BaseModel):
-    pos: int
-    name: str
+    pos: str | int
+    name: str = ""
     params: Dict[str, Any] = {}
 
     def to_dict(self) -> Dict[str, Any]:
         """Convert Variable to YAML-compatible dictionary."""
         result: Dict[str, Any] = {
             "pos": self.pos,
-            "name": self.name,
         }
+        if self.name:
+            result["name"] = self.name
         if self.params:
             result["params"] = self.params
         return result
@@ -38,7 +39,7 @@ def to_dict(self) -> Dict[str, Any]:
 class _EventInstance(BaseModel):
     """Configuration for a specific instance within an event."""
     params: Dict[str, Any] = {}
-    variables: Dict[int, Variable] = {}
+    variables: Dict[str | int, Variable] = {}
     header_variables: Dict[str, Header] = {}
 
     @classmethod
@@ -79,7 +80,7 @@ def _init(cls, instances_dict: Dict[str, Dict[str, Any]]) -> "_EventConfig":
         return cls(instances=instances)
 
     @property
-    def variables(self) -> Dict[int, Variable]:
+    def variables(self) -> Dict[str | int, Variable]:
         """Pass-through to first instance for compatibility."""
         if self.instances:
             return next(iter(self.instances.values())).variables
diff --git a/src/detectmatelibrary/common/_core_op/_fit_logic.py b/src/detectmatelibrary/common/_core_op/_fit_logic.py
index c702524..7a4aa61 100644
--- a/src/detectmatelibrary/common/_core_op/_fit_logic.py
+++ b/src/detectmatelibrary/common/_core_op/_fit_logic.py
@@ -74,6 +74,9 @@ def __init__(
         self._configuration_done = False
         self.config_finished = False
 
+        self._training_done = False
+        self.training_finished = False
+
         self.data_use_configure = data_use_configure
         self.data_use_training = data_use_training
 
@@ -84,6 +87,13 @@ def finish_config(self) -> bool:
 
         return False
 
+    def finish_training(self) -> bool:
+        if self._training_done and not self.training_finished:
+            self.training_finished = True
+            return True
+
+        return False
+
     def run(self) -> FitLogicState:
         if do_configure(
             data_use_configure=self.data_use_configure,
@@ -103,5 +113,7 @@ def run(self) -> FitLogicState:
             ):
                 self.data_used_train += 1
                 return FitLogicState.DO_TRAIN
+            elif self.data_used_train > 0 and not self._training_done:
+                self._training_done = True
 
         return FitLogicState.NOTHING
\ No newline at end of file
diff --git a/src/detectmatelibrary/common/core.py b/src/detectmatelibrary/common/core.py
index 34d5a00..02afb3c 100644
--- a/src/detectmatelibrary/common/core.py
+++ b/src/detectmatelibrary/common/core.py
@@ -54,6 +54,9 @@ def configure(
     def set_configuration(self) -> None:
         pass
 
+    def post_train(self) -> None:
+        pass
+
     def get_config(self) -> Dict[str, Any]:
         return self.config.get_config()
 
@@ -100,6 +103,9 @@ def process(self, data: BaseSchema | bytes) -> BaseSchema | bytes | None:
         if fit_state == FitLogicState.DO_TRAIN:
             logger.info(f"<<{self.name}>> use data for training")
             self.train(input_=data_buffered)
+        elif self.fitlogic.finish_training():
+            logger.info(f"<<{self.name}>> finalizing training")
+            self.post_train()
 
         output_ = self.output_schema()
         logger.info(f"<<{self.name}>> processing data")
diff --git a/src/detectmatelibrary/common/detector.py b/src/detectmatelibrary/common/detector.py
index e224f68..2be7153 100644
--- a/src/detectmatelibrary/common/detector.py
+++ b/src/detectmatelibrary/common/detector.py
@@ -3,6 +3,7 @@
 
 from detectmatelibrary.utils.data_buffer import ArgsBuffer, BufferMode
 from detectmatelibrary.utils.aux import get_timestamp
+from detectmatelibrary.utils.persistency.event_persistency import EventPersistency
 
 from detectmatelibrary.schemas import ParserSchema, DetectorSchema
 
@@ -10,6 +11,7 @@
 from typing import Dict, List, Optional, Any
 
 from detectmatelibrary.utils.time_format_handler import TimeFormatHandler
+from tools.logging import logger
 
 
 _time_handler = TimeFormatHandler()
@@ -56,7 +58,7 @@ def get_configured_variables(
     # Extract template variables by position
     if hasattr(event_config, "variables"):
         for pos, var in event_config.variables.items():
-            if pos < len(input_["variables"]):
+            if isinstance(pos, int) and pos < len(input_["variables"]):
                 result[var.name] = input_["variables"][pos]
 
     # Extract header/log format variables by name
@@ -89,6 +91,45 @@ def get_global_variables(
     return result
 
 
+def validate_config_coverage(
+        detector_name: str,
+        config_events: EventsConfig | dict[str, Any],
+        persistency: EventPersistency,
+) -> None:
+    """Log warnings when configured EventIDs or variables have no training
+    data.
+
+    Args:
+        detector_name: Name of the detector (used in warning messages).
+        config_events: The detector's events configuration.
+        persistency: The persistency object populated during training.
+    """
+    config_ids = (
+        config_events.events.keys()
+        if isinstance(config_events, EventsConfig)
+        else config_events.keys()
+    )
+    if not config_ids:
+        return
+
+    events_seen = persistency.get_events_seen()
+    events_with_data = set(persistency.get_events_data().keys())
+
+    for event_id in config_ids:
+        if event_id not in events_seen:
+            logger.warning(
+                f"[{detector_name}] EventID {event_id!r} is configured but was "
+                "never observed in training data. Verify that EventIDs in your "
+                "config match those produced by the parser."
+            )
+        elif event_id not in events_with_data:
+            logger.warning(
+                f"[{detector_name}] EventID {event_id!r} was observed in training "
+                "data but no configured variables were extracted. Verify that "
+                "variable names/positions in your config match those in the data."
+            )
+
+
 class CoreDetectorConfig(CoreConfig):
     component_type: str = "detectors"
     method_type: str = "core_detector"
@@ -158,3 +199,7 @@ def configure(
     @override
     def set_configuration(self) -> None:
         pass
+
+    @override
+    def post_train(self) -> None:
+        pass
diff --git a/src/detectmatelibrary/detectors/__init__.py b/src/detectmatelibrary/detectors/__init__.py
index 7ca736e..c10328e 100644
--- a/src/detectmatelibrary/detectors/__init__.py
+++ b/src/detectmatelibrary/detectors/__init__.py
@@ -1,10 +1,13 @@
 from .random_detector import RandomDetector, RandomDetectorConfig
 from .new_value_detector import NewValueDetector, NewValueDetectorConfig
+from .new_event_detector import NewEventDetector, NewEventDetectorConfig
 
 __all__ = [
     "random_detector",
     "RandomDetectorConfig",
     "NewValueDetector",
     "NewValueDetectorConfig",
-    "RandomDetector"
+    "RandomDetector",
+    "NewEventDetector",
+    "NewEventDetectorConfig"
 ]
diff --git a/src/detectmatelibrary/detectors/new_event_detector.py b/src/detectmatelibrary/detectors/new_event_detector.py
new file mode 100644
index 0000000..51d345d
--- /dev/null
+++ b/src/detectmatelibrary/detectors/new_event_detector.py
@@ -0,0 +1,105 @@
+from detectmatelibrary.common._config._compile import generate_detector_config
+from detectmatelibrary.common._config._formats import EventsConfig
+
+from detectmatelibrary.common.detector import CoreDetectorConfig, CoreDetector, get_configured_variables
+
+from detectmatelibrary.utils.persistency.event_data_structures.trackers.stability.stability_tracker import (
+    EventStabilityTracker
+)
+from detectmatelibrary.utils.persistency.event_persistency import EventPersistency
+from detectmatelibrary.utils.data_buffer import BufferMode
+
+from detectmatelibrary.schemas import ParserSchema, DetectorSchema
+
+from typing import Any
+
+
+class NewEventDetectorConfig(CoreDetectorConfig):
+    method_type: str = "new_event_detector"
+
+    events: EventsConfig | dict[str, Any] = {}
+
+
+class NewEventDetector(CoreDetector):
+    """Detect new values in log data as anomalies based on learned values."""
+
+    def __init__(
+        self,
+        name: str = "NewEventDetector",
+        config: NewEventDetectorConfig = NewEventDetectorConfig()
+    ) -> None:
+
+        if isinstance(config, dict):
+            config = NewEventDetectorConfig.from_dict(config, name)
+
+        super().__init__(name=name, buffer_mode=BufferMode.NO_BUF, config=config)
+        self.config: NewEventDetectorConfig  # type narrowing for IDE
+        self.persistency = EventPersistency(
+            event_data_class=EventStabilityTracker,
+        )
+        # auto config checks if individual variables are stable to select combos from
+        self.auto_conf_persistency = EventPersistency(
+            event_data_class=EventStabilityTracker
+        )
+
+    def train(self, input_: ParserSchema) -> None:  # type: ignore
+        """Train the detector by learning values from the input data."""
+        configured_variables = get_configured_variables(input_, self.config.events)
+        self.persistency.ingest_event(
+            event_id=input_["EventID"],
+            event_template=input_["template"],
+            named_variables=configured_variables
+        )
+
+    def detect(
+        self, input_:  ParserSchema, output_: DetectorSchema  # type: ignore
+    ) -> bool:
+        """Detect new values in the input data."""
+        alerts: dict[str, str] = {}
+        configured_variables = get_configured_variables(input_, self.config.events)
+        overall_score = 0.0
+
+        current_event_id = input_["EventID"]
+        known_events = self.persistency.get_events_data()
+
+        if current_event_id in known_events:
+            event_tracker = known_events[current_event_id]
+            for var_name, multi_tracker in event_tracker.get_data().items():
+                value = configured_variables.get(var_name)
+                if value is None:
+                    continue
+                if value not in multi_tracker.unique_set:
+                    alerts[f"EventID {current_event_id} - {var_name}"] = (
+                        f"Unknown value: '{value}'"
+                    )
+                    overall_score += 1.0
+
+        if overall_score > 0:
+            output_["score"] = overall_score
+            output_["description"] = f"{self.name} detects values not encountered in training as anomalies."
+            output_["alertsObtain"].update(alerts)
+            return True
+
+        return False
+
+    def configure(self, input_: ParserSchema) -> None:  # type: ignore
+        self.auto_conf_persistency.ingest_event(
+            event_id=input_["EventID"],
+            event_template=input_["template"],
+            variables=input_["variables"],
+            named_variables=input_["logFormatVariables"],
+        )
+
+    def set_configuration(self) -> None:
+        variables = {}
+        for event_id, tracker in self.auto_conf_persistency.get_events_data().items():
+            classified_vars = (tracker.get_variables_by_classification("STABLE") +  # type: ignore
+                               tracker.get_variables_by_classification("STATIC"))  # type: ignore
+            variables[event_id] = classified_vars
+        config_dict = generate_detector_config(
+            variable_selection=variables,
+            detector_name=self.name,
+            method_type=self.config.method_type
+        )
+        # Update the config object from the dictionary instead of replacing it
+        self.config = NewEventDetectorConfig.from_dict(config_dict, self.name)
diff --git a/src/detectmatelibrary/detectors/new_value_combo_detector.py b/src/detectmatelibrary/detectors/new_value_combo_detector.py
index c461526..5f5a781 100644
--- a/src/detectmatelibrary/detectors/new_value_combo_detector.py
+++ b/src/detectmatelibrary/detectors/new_value_combo_detector.py
@@ -1,10 +1,12 @@
 from detectmatelibrary.common._config import generate_detector_config
+from detectmatelibrary.common._config._formats import EventsConfig
 
 from detectmatelibrary.common.detector import (
     CoreDetectorConfig,
     CoreDetector,
     get_configured_variables,
-    get_global_variables
+    get_global_variables,
+    validate_config_coverage,
 )
 
 from detectmatelibrary.utils.data_buffer import BufferMode
@@ -19,6 +21,9 @@
 from typing import Any, Dict, Sequence, cast, Tuple
 from itertools import combinations
 
+from typing_extensions import override
+from tools.logging import logger
+
 
 def get_combo(variables: Dict[str, Any]) -> Dict[Tuple[str, ...], Tuple[Any, ...]]:
     """Get a single combination of all variables as a key-value pair."""
@@ -52,7 +57,9 @@ def get_all_possible_combos(
 class NewValueComboDetectorConfig(CoreDetectorConfig):
     method_type: str = "new_value_combo_detector"
 
-    comb_size: int = 2
+    max_combo_size: int = 3
+    use_stable_vars: bool = True
+    use_static_vars: bool = False
 
 
 class NewValueComboDetector(CoreDetector):
@@ -144,6 +151,12 @@ def detect(
             return True
         return False
 
+    @override
+    def post_train(self) -> None:
+        config = cast(NewValueComboDetectorConfig, self.config)
+        if not config.auto_config:
+            validate_config_coverage(self.name, config.events, self.persistency)
+
     def configure(self, input_: ParserSchema) -> None:  # type: ignore
         """Configure the detector based on the stability of individual
         variables, then learn value combinations based on that
@@ -159,7 +172,7 @@ def configure(self, input_: ParserSchema) -> None:  # type: ignore
             named_variables=input_["logFormatVariables"],
         )
 
-    def set_configuration(self, max_combo_size: int = 3) -> None:
+    def set_configuration(self, max_combo_size: int | None = None) -> None:
         """Set the detector configuration based on the stability of variable
         combinations.
 
@@ -169,17 +182,18 @@ def set_configuration(self, max_combo_size: int = 3) -> None:
         3. Re-ingest all events to learn the stability of these combos (testing all possible combos right away
         would explode combinatorially).
         """
+        config = cast(NewValueComboDetectorConfig, self.config)
         # run WITH auto_conf_persistency
         variable_combos = {}
         for event_id, tracker in self.auto_conf_persistency.get_events_data().items():
-            stable_vars = tracker.get_variables_by_classification("STABLE")  # type: ignore
+            stable_vars = tracker.get_features_by_classification("STABLE")  # type: ignore
             if len(stable_vars) > 1:
                 variable_combos[event_id] = stable_vars
         config_dict = generate_detector_config(
             variable_selection=variable_combos,
             detector_name=self.name,
             method_type=self.config.method_type,
-            comb_size=max_combo_size
+            max_combo_size=max_combo_size or config.max_combo_size
         )
         # Update the config object from the dictionary instead of replacing it
         self.config = NewValueComboDetectorConfig.from_dict(config_dict, self.name)
@@ -196,15 +210,28 @@ def set_configuration(self, max_combo_size: int = 3) -> None:
         # rerun to set final config WITH auto_conf_persistency_combos
         combo_selection = {}
         for event_id, tracker in self.auto_conf_persistency_combos.get_events_data().items():
-            stable_combos = tracker.get_variables_by_classification("STABLE")  # type: ignore
+            stable_combos = []
+            if self.config.use_stable_vars:
+                stable_combos = tracker.get_features_by_classification("STABLE")  # type: ignore
+            static_combos = []
+            if self.config.use_static_vars:
+                static_combos = tracker.get_features_by_classification("STATIC")  # type: ignore
+            combos = stable_combos + static_combos
             # Keep combos as tuples - each will become a separate config entry
-            if len(stable_combos) >= 1:
-                combo_selection[event_id] = stable_combos
+            if len(combos) > 0:
+                combo_selection[event_id] = combos
         config_dict = generate_detector_config(
             variable_selection=combo_selection,
             detector_name=self.name,
             method_type=self.config.method_type,
-            comb_size=max_combo_size
+            max_combo_size=max_combo_size or self.config.max_combo_size
         )
         # Update the config object from the dictionary instead of replacing it
         self.config = NewValueComboDetectorConfig.from_dict(config_dict, self.name)
+        events = self.config.events
+        if isinstance(events, EventsConfig) and not events.events:
+            logger.warning(
+                f"[{self.name}] auto_config=True generated an empty configuration. "
+                "No stable variable combinations were found in configure-phase data. "
+                "The detector will produce no alerts."
+            )
diff --git a/src/detectmatelibrary/detectors/new_value_detector.py b/src/detectmatelibrary/detectors/new_value_detector.py
index e9fe7c6..b7a051f 100644
--- a/src/detectmatelibrary/detectors/new_value_detector.py
+++ b/src/detectmatelibrary/detectors/new_value_detector.py
@@ -1,10 +1,12 @@
 from detectmatelibrary.common._config._compile import generate_detector_config
+from detectmatelibrary.common._config._formats import EventsConfig
 
 from detectmatelibrary.common.detector import (
     CoreDetectorConfig,
     CoreDetector,
     get_configured_variables,
-    get_global_variables
+    get_global_variables,
+    validate_config_coverage,
 )
 from detectmatelibrary.utils.persistency.event_data_structures.trackers.stability.stability_tracker import (
     EventStabilityTracker
@@ -15,10 +17,16 @@
 from detectmatelibrary.schemas import ParserSchema, DetectorSchema
 from detectmatelibrary.constants import GLOBAL_EVENT_ID
 
+from typing_extensions import override
+from tools.logging import logger
+
 
 class NewValueDetectorConfig(CoreDetectorConfig):
     method_type: str = "new_value_detector"
 
+    use_stable_vars: bool = True
+    use_static_vars: bool = True
+
 
 class NewValueDetector(CoreDetector):
     """Detect new values in log data as anomalies based on learned values."""
@@ -109,11 +117,23 @@ def configure(self, input_: ParserSchema) -> None:  # type: ignore
             named_variables=input_["logFormatVariables"],
         )
 
+    @override
+    def post_train(self) -> None:
+        if not self.config.auto_config:
+            validate_config_coverage(self.name, self.config.events, self.persistency)
+
     def set_configuration(self) -> None:
         variables = {}
         for event_id, tracker in self.auto_conf_persistency.get_events_data().items():
-            stable_vars = tracker.get_variables_by_classification("STABLE")  # type: ignore
-            variables[event_id] = stable_vars
+            stable = []
+            if self.config.use_stable_vars:
+                stable = tracker.get_features_by_classification("STABLE")  # type: ignore
+            static = []
+            if self.config.use_static_vars:
+                static = tracker.get_features_by_classification("STATIC")  # type: ignore
+            vars_ = stable + static
+            if len(vars_) > 0:
+                variables[event_id] = vars_
         config_dict = generate_detector_config(
             variable_selection=variables,
             detector_name=self.name,
@@ -121,3 +141,10 @@ def set_configuration(self) -> None:
         )
         # Update the config object from the dictionary instead of replacing it
         self.config = NewValueDetectorConfig.from_dict(config_dict, self.name)
+        events = self.config.events
+        if isinstance(events, EventsConfig) and not events.events:
+            logger.warning(
+                f"[{self.name}] auto_config=True generated an empty configuration. "
+                "No stable variables were found in configure-phase data. "
+                "The detector will produce no alerts."
+            )
diff --git a/src/detectmatelibrary/parsers/template_matcher/_matcher_op.py b/src/detectmatelibrary/parsers/template_matcher/_matcher_op.py
index 8760ab2..0c41a05 100644
--- a/src/detectmatelibrary/parsers/template_matcher/_matcher_op.py
+++ b/src/detectmatelibrary/parsers/template_matcher/_matcher_op.py
@@ -1,8 +1,17 @@
 from collections import defaultdict
-from typing import Dict, List, Any, Tuple
+from typing import Dict, List, Any, Tuple, TypedDict
 import regex
 import re
 
+from detectmatelibrary.common._config._formats import (
+    EventsConfig, _EventConfig, _EventInstance, Variable
+)
+
+
+class TemplateMetadata(TypedDict):
+    event_id_label: str | None
+    labels: list[str]
+
 
 def safe_search(pattern: str, string: str, timeout: int = 1) -> regex.Match[str] | None:
     """Perform regex search with a timeout to prevent catastrophic
@@ -64,6 +73,7 @@ class TemplatesManager:
     def __init__(
         self,
         template_list: list[str],
+        metadata: dict[int, TemplateMetadata] | None = None,
         remove_spaces: bool = True,
         remove_punctuation: bool = True,
         lowercase: bool = True
@@ -96,6 +106,61 @@ def __init__(
             first = tokens[0] if tokens else ""
             self._prefix_index[first].append(idx)
 
+        _metadata: dict[int, TemplateMetadata] = metadata or {}
+        self._event_label_to_idx: dict[str, int] = {
+            m["event_id_label"]: i
+            for i, m in _metadata.items()
+            if m["event_id_label"]
+        }
+        self._idx_to_var_map: dict[int, dict[str, int]] = {
+            i: {label: pos for pos, label in enumerate(m["labels"])}
+            for i, m in _metadata.items()
+            if m["labels"]
+        }
+
+    def compile_events_config(self, events_config: EventsConfig) -> EventsConfig:
+        """Resolve named event IDs and named variable labels to positional
+        ints.
+
+        Translates user-friendly named format to the internal positional
+        representation. Returns a new EventsConfig with only int keys
+        and int positions.
+        """
+        new_events: Dict[Any, _EventConfig] = {}
+
+        for event_key, event_config in events_config.events.items():
+            if isinstance(event_key, str) and event_key in self._event_label_to_idx:
+                resolved_key: str | int = self._event_label_to_idx[event_key]
+            else:
+                resolved_key = event_key
+
+            var_map = self._idx_to_var_map.get(resolved_key if isinstance(resolved_key, int) else -1, {})
+
+            new_instances: Dict[str, _EventInstance] = {}
+            for instance_id, instance in event_config.instances.items():
+                new_vars: Dict[str | int, Variable] = {}
+                for pos, var in instance.variables.items():
+                    if isinstance(pos, str):
+                        if pos not in var_map:
+                            raise ValueError(
+                                f"Label '{pos}' not found in template for event '{event_key}'. "
+                                f"Available labels: {list(var_map)}"
+                            )
+                        resolved_pos = var_map[pos]
+                        new_vars[resolved_pos] = Variable(
+                            pos=resolved_pos, name=pos, params=var.params
+                        )
+                    else:
+                        new_vars[pos] = var
+                new_instances[instance_id] = _EventInstance(
+                    params=instance.params,
+                    variables=new_vars,
+                    header_variables=instance.header_variables,
+                )
+            new_events[resolved_key] = _EventConfig(instances=new_instances)
+
+        return EventsConfig(events=new_events)
+
     def candidate_indices(self, s: str) -> Tuple[str, List[int]]:
         pre_s = self.preprocess(s)
         candidates = []
@@ -110,17 +175,28 @@ class TemplateMatcher:
     def __init__(
         self,
         template_list: list[str],
+        metadata: dict[int, TemplateMetadata] | None = None,
         remove_spaces: bool = True,
         remove_punctuation: bool = True,
         lowercase: bool = True
     ) -> None:
         self.manager = TemplatesManager(
             template_list=template_list,
+            metadata=metadata,
             remove_spaces=remove_spaces,
             remove_punctuation=remove_punctuation,
             lowercase=lowercase
         )
 
+    def compile_detector_config(self, events_config: EventsConfig) -> EventsConfig:
+        """Resolve named event IDs and variable labels to positional ints.
+
+        Call once at setup time. Returns a new EventsConfig using the
+        internal positional representation, compatible with
+        get_configured_variables().
+        """
+        return self.manager.compile_events_config(events_config)
+
     @staticmethod
     def extract_parameters(log: str, template: str) -> tuple[str, ...] | None:
         """Extract parameters from the log based on the template."""
@@ -129,7 +205,6 @@ def extract_parameters(log: str, template: str) -> tuple[str, ...] | None:
         pattern_parts_escaped = [re.escape(part) for part in pattern_parts]
         regex_pattern = "(.*?)".join(pattern_parts_escaped)
         regex = "^" + regex_pattern + "$"
-        # matches = re.search(regex, log)
         matches = safe_search(regex, log, 1)
         if matches:
             groups: tuple[str, ...] = matches.groups()
diff --git a/src/detectmatelibrary/parsers/template_matcher/_parser.py b/src/detectmatelibrary/parsers/template_matcher/_parser.py
index 3192a84..edcae99 100644
--- a/src/detectmatelibrary/parsers/template_matcher/_parser.py
+++ b/src/detectmatelibrary/parsers/template_matcher/_parser.py
@@ -1,10 +1,13 @@
-from detectmatelibrary.parsers.template_matcher._matcher_op import TemplateMatcher
+from detectmatelibrary.parsers.template_matcher._matcher_op import TemplateMatcher, TemplateMetadata
 from detectmatelibrary.common.parser import CoreParser, CoreParserConfig
 from detectmatelibrary import schemas
 
 from typing import Any
 import csv
 import os
+import re
+
+_NAMED_WC_RE = re.compile(r'<([A-Za-z_]\w*)>')
 
 
 class TemplatesNotFoundError(Exception):
@@ -15,34 +18,93 @@ class TemplateNoPermissionError(Exception):
     pass
 
 
-def load_templates(path: str) -> list[str]:
+def _compile_templates(
+    raw_templates: list[str],
+    event_id_labels: list[str | None] | None = None,
+) -> tuple[list[str], dict[int, TemplateMetadata]]:
+    """Convert named wildcards to <*> and record label order and event ID
+    labels.
+
+    Args:
+        raw_templates: Raw template strings, possibly containing named wildcards.
+        event_id_labels: Optional per-template event ID labels (from CSV EventId column).
+                         If provided, must have the same length as raw_templates.
+
+    Returns:
+        compiled: Template strings with only <*> wildcards, ready for TemplatesManager.
+        metadata: Mapping of template index to TemplateMetadata.
+
+    Raises:
+        ValueError: If a template mixes <*> and named wildcards.
+    """
+    compiled: list[str] = []
+    metadata: dict[int, TemplateMetadata] = {}
+
+    for i, raw in enumerate(raw_templates):
+        has_anon = "<*>" in raw
+        labels = _NAMED_WC_RE.findall(raw)
+        has_named = bool(labels)
+
+        if has_anon and has_named:
+            raise ValueError(
+                f"Template mixes <*> and named wildcards: {raw!r}. "
+                "Use either <*> (positional) or <label> (named) exclusively."
+            )
+
+        compiled_tpl = _NAMED_WC_RE.sub("<*>", raw) if has_named else raw
+        idx = len(compiled)
+        compiled.append(compiled_tpl)
+        eid_label = event_id_labels[i] if event_id_labels else None
+        metadata[idx] = TemplateMetadata(event_id_label=eid_label, labels=labels)
+
+    return compiled, metadata
+
+
+def load_templates(path: str) -> tuple[list[str], list[str | None]]:
+    """Load templates from a .txt or .csv file.
+
+    Returns:
+        A tuple of (template_strings, event_id_labels). For .txt files, all
+        event_id_labels are None (positional IDs only). For .csv files, an
+        optional EventId column provides named event ID labels.
+    """
     if not os.path.exists(path):
         raise TemplatesNotFoundError(f"Templates file not found at: {path}")
     if not os.access(path, os.R_OK):
         raise TemplateNoPermissionError(
             f"You do not have the permission to access the templates file: {path}"
         )
+    templates: list[str] = []
+    eid_labels: list[str | None] = []
     if path.endswith(".txt"):
         with open(path, "r") as f:
-            templates = [line.strip() for line in f if line.strip()]
+            for line in f:
+                s = line.strip()
+                if s:
+                    templates.append(s)
+                    eid_labels.append(None)
     elif path.endswith(".csv"):
-        templates = []
-        # Use the lightweight built-in csv module instead of pandas
-        # Expect a header with a 'template' column
         with open(path, newline="", encoding="utf-8") as f:
             reader = csv.DictReader(f)
             if reader.fieldnames is None or "EventTemplate" not in reader.fieldnames:
                 raise ValueError("CSV file must contain a 'EventTemplate' column.")
+            has_event_id_col = "EventId" in (reader.fieldnames or [])
             for row in reader:
                 val = row.get("EventTemplate")
                 if val is None:
                     continue
                 s = str(val).strip()
-                if s:
-                    templates.append(s)
+                if not s:
+                    continue
+                templates.append(s)
+                if has_event_id_col:
+                    eid = str(row.get("EventId", "")).strip()
+                    eid_labels.append(eid or None)
+                else:
+                    eid_labels.append(None)
     else:
         raise ValueError("Unsupported template file format. Use .txt or .csv files.")
-    return templates
+    return templates, eid_labels
 
 
 class MatcherParserConfig(CoreParserConfig):
@@ -52,7 +114,7 @@ class MatcherParserConfig(CoreParserConfig):
     remove_punctuation: bool = True
     lowercase: bool = True
 
-    path_templates: str = "<PLACEHOLDER>"
+    path_templates: str | None = None
 
 
 class MatcherParser(CoreParser):
@@ -67,8 +129,14 @@ def __init__(
         super().__init__(name=name, config=config)
         self.config: MatcherParserConfig
 
+        if self.config.path_templates is not None:
+            raw_templates, eid_labels = load_templates(self.config.path_templates)
+        else:
+            raw_templates, eid_labels = [], []
+        compiled_templates, metadata = _compile_templates(raw_templates, eid_labels)
         self.template_matcher = TemplateMatcher(
-            template_list=load_templates(self.config.path_templates),
+            template_list=compiled_templates,
+            metadata=metadata,
             remove_spaces=self.config.remove_spaces,
             remove_punctuation=self.config.remove_punctuation,
             lowercase=self.config.lowercase,
diff --git a/src/detectmatelibrary/utils/persistency/event_data_structures/trackers/stability/stability_tracker.py b/src/detectmatelibrary/utils/persistency/event_data_structures/trackers/stability/stability_tracker.py
index a37ab3d..f29a78e 100644
--- a/src/detectmatelibrary/utils/persistency/event_data_structures/trackers/stability/stability_tracker.py
+++ b/src/detectmatelibrary/utils/persistency/event_data_structures/trackers/stability/stability_tracker.py
@@ -73,7 +73,7 @@ class MultiStabilityTracker(MultiTracker):
     """Tracks multiple features (e.g. variables or variable combos) using
     individual trackers."""
 
-    def get_variables_by_classification(
+    def get_features_by_classification(
         self,
         classification_type: Literal["INSUFFICIENT_DATA", "STATIC", "RANDOM", "STABLE", "UNSTABLE"]
     ) -> List[str]:
@@ -99,9 +99,9 @@ def __init__(self, converter_function: Callable[[Any], Any] = lambda x: x) -> No
             converter_function=converter_function,
         )
 
-    def get_variables_by_classification(
+    def get_features_by_classification(
         self, classification_type: Literal["INSUFFICIENT_DATA", "STATIC", "RANDOM", "STABLE", "UNSTABLE"]
     ) -> List[str]:
         """Get a list of variable names that are classified as the given
         type."""
-        return self.multi_tracker.get_variables_by_classification(classification_type)
+        return self.multi_tracker.get_features_by_classification(classification_type)
diff --git a/src/detectmatelibrary/utils/persistency/event_persistency.py b/src/detectmatelibrary/utils/persistency/event_persistency.py
index c21cb76..3c6d178 100644
--- a/src/detectmatelibrary/utils/persistency/event_persistency.py
+++ b/src/detectmatelibrary/utils/persistency/event_persistency.py
@@ -26,6 +26,7 @@ def __init__(
         event_data_kwargs: Optional[dict[str, Any]] = None,
     ):
         self.events_data: Dict[int | str, EventDataStructure] = {}
+        self.events_seen: set[int | str] = set()
         self.event_data_class = event_data_class
         self.event_data_kwargs = event_data_kwargs or {}
         self.variable_blacklist = variable_blacklist or []
@@ -39,6 +40,7 @@ def ingest_event(
         named_variables: Dict[str, Any] = {}
     ) -> None:
         """Ingest event data into the appropriate EventData store."""
+        self.events_seen.add(event_id)
         if not variables and not named_variables:
             return
         self.event_templates[event_id] = event_template
@@ -52,6 +54,11 @@ def ingest_event(
         data = data_structure.to_data(all_variables)
         data_structure.add_data(data)
 
+    def get_events_seen(self) -> set[int | str]:
+        """Retrieve all event IDs observed via ingest_event(), regardless of
+        whether variables were extracted."""
+        return self.events_seen
+
     def get_event_data(self, event_id: int | str) -> Any | None:
         """Retrieve the data for a specific event ID."""
         data_structure = self.events_data.get(event_id)
diff --git a/tests/test_common/test_config_roundtrip.py b/tests/test_common/test_config_roundtrip.py
index 24359ff..24fee61 100644
--- a/tests/test_common/test_config_roundtrip.py
+++ b/tests/test_common/test_config_roundtrip.py
@@ -290,3 +290,90 @@ def test_parser_true_roundtrip(self):
 
         # Dicts should be identical
         assert dict1 == dict2
+
+
+class TestNamedVariablesRoundtrip:
+    """Test that named wildcard positions and named event IDs round-trip
+    correctly."""
+
+    def test_named_pos_preserved_as_string(self):
+        """String pos values must survive yaml -> pydantic -> yaml
+        unchanged."""
+        config_yaml = load_test_config()
+        method_id = "detector_named_pos"
+
+        config = MockupDetectorConfig.from_dict(config_yaml, method_id)
+        result_dict = config.to_dict(method_id)
+
+        original = config_yaml["detectors"][method_id]
+        result = result_dict["detectors"][method_id]
+
+        orig_vars = original["events"][1]["example_detector_1"]["variables"]
+        result_vars = result["events"][1]["example_detector_1"]["variables"]
+
+        assert len(result_vars) == len(orig_vars)
+        for orig_var, result_var in zip(orig_vars, result_vars):
+            assert result_var["pos"] == orig_var["pos"]
+            assert isinstance(result_var["pos"], str)  # must stay a string, not coerced to int
+
+    def test_named_pos_no_name_field_when_omitted(self):
+        """Variables with only a label pos must not emit a 'name' key."""
+        config_yaml = load_test_config()
+        config = MockupDetectorConfig.from_dict(config_yaml, "detector_named_pos")
+        result_dict = config.to_dict("detector_named_pos")
+
+        instance = result_dict["detectors"]["detector_named_pos"]["events"][1]["example_detector_1"]
+        no_params_var = instance["variables"][0]  # pos: pid, no params
+
+        assert "pos" in no_params_var
+        assert no_params_var["pos"] == "pid"
+        assert "name" not in no_params_var
+
+    def test_named_pos_params_preserved(self):
+        """Named pos variable with params must preserve those params."""
+        config_yaml = load_test_config()
+        config = MockupDetectorConfig.from_dict(config_yaml, "detector_named_pos")
+        result_dict = config.to_dict("detector_named_pos")
+
+        instance = result_dict["detectors"]["detector_named_pos"]["events"][1]["example_detector_1"]
+        with_params_var = instance["variables"][1]  # pos: op, params: {threshold: 0.5}
+
+        assert with_params_var["pos"] == "op"
+        assert with_params_var["params"] == {"threshold": 0.5}
+
+    def test_named_event_id_preserved_as_string(self):
+        """String event ID keys must survive yaml -> pydantic -> yaml
+        unchanged."""
+        config_yaml = load_test_config()
+        method_id = "detector_named_event_id"
+
+        config = MockupDetectorConfig.from_dict(config_yaml, method_id)
+        result_dict = config.to_dict(method_id)
+
+        result_events = result_dict["detectors"][method_id]["events"]
+        assert "login_failure" in result_events
+        assert isinstance(list(result_events.keys())[0], str)
+
+    def test_named_pos_true_roundtrip(self):
+        """Yaml -> pydantic -> yaml -> pydantic produces identical objects."""
+        config_yaml = load_test_config()
+        method_id = "detector_named_pos"
+
+        config1 = MockupDetectorConfig.from_dict(config_yaml, method_id)
+        dict1 = config1.to_dict(method_id)
+        config2 = MockupDetectorConfig.from_dict(dict1, method_id)
+        dict2 = config2.to_dict(method_id)
+
+        assert dict1 == dict2
+
+    def test_named_event_id_true_roundtrip(self):
+        """Yaml -> pydantic -> yaml -> pydantic produces identical objects."""
+        config_yaml = load_test_config()
+        method_id = "detector_named_event_id"
+
+        config1 = MockupDetectorConfig.from_dict(config_yaml, method_id)
+        dict1 = config1.to_dict(method_id)
+        config2 = MockupDetectorConfig.from_dict(dict1, method_id)
+        dict2 = config2.to_dict(method_id)
+
+        assert dict1 == dict2
diff --git a/tests/test_common/test_core.py b/tests/test_common/test_core.py
index f8d0183..2b4e594 100644
--- a/tests/test_common/test_core.py
+++ b/tests/test_common/test_core.py
@@ -330,3 +330,59 @@ def test_set_configuration_called_once(self) -> None:
             component.process(self._make_log(i))
 
         assert component.set_configuration_called == 1
+
+
+class MockConfigWithPostTrain(CoreConfig):
+    data_use_training: int | None = 3
+
+
+class MockComponentWithPostTrain(CoreComponent):
+    def __init__(self, name: str, config: CoreConfig = MockConfigWithPostTrain()) -> None:
+        super().__init__(
+            name=name, type_="Dummy", config=config, input_schema=schemas.LogSchema
+        )
+        self.post_train_called: int = 0
+
+    def train(self, input_) -> None:
+        pass
+
+    def post_train(self) -> None:
+        self.post_train_called += 1
+
+    def run(self, input_, output_) -> bool:
+        return False
+
+
+class TestPostTrain:
+    def _make_log(self, i: int) -> schemas.LogSchema:
+        return schemas.LogSchema({
+            "__version__": "1.0.0",
+            "logID": str(i),
+            "logSource": "test",
+            "hostname": "test_hostname"
+        })
+
+    def test_post_train_called_once_after_training(self) -> None:
+        component = MockComponentWithPostTrain(name="PostTrain1")
+        for i in range(10):
+            component.process(self._make_log(i))
+        assert component.post_train_called == 1
+
+    def test_post_train_not_called_without_training(self) -> None:
+        component = MockComponentWithPostTrain(name="PostTrain2", config=CoreConfig())
+        for i in range(10):
+            component.process(self._make_log(i))
+        assert component.post_train_called == 0
+
+    def test_post_train_called_on_first_detection_item(self) -> None:
+        """post_train fires on the item immediately after training ends."""
+        component = MockComponentWithPostTrain(name="PostTrain3")
+        # data_use_training=3, so 4th item triggers post_train
+        for i in range(3):
+            component.process(self._make_log(i))
+        assert component.post_train_called == 0
+        component.process(self._make_log(3))
+        assert component.post_train_called == 1
+        # subsequent items don't re-trigger it
+        component.process(self._make_log(4))
+        assert component.post_train_called == 1
diff --git a/tests/test_common/test_fit_logic.py b/tests/test_common/test_fit_logic.py
new file mode 100644
index 0000000..11e96c4
--- /dev/null
+++ b/tests/test_common/test_fit_logic.py
@@ -0,0 +1,62 @@
+"""Tests for FitLogic training lifecycle hooks."""
+
+from detectmatelibrary.common._core_op._fit_logic import (
+    FitLogic, FitLogicState, TrainState
+)
+
+
+class TestFinishTraining:
+    """Test that finish_training() fires exactly once after bounded training."""
+
+    def test_finish_training_fires_once_after_bounded_training(self) -> None:
+        logic = FitLogic(data_use_configure=None, data_use_training=3)
+        finish_calls = []
+        for _ in range(6):
+            logic.run()
+            finish_calls.append(logic.finish_training())
+        assert finish_calls.count(True) == 1
+
+    def test_finish_training_fires_on_first_nothing_after_training(self) -> None:
+        logic = FitLogic(data_use_configure=None, data_use_training=2)
+        states = []
+        finishes = []
+        for _ in range(5):
+            state = logic.run()
+            states.append(state)
+            finishes.append(logic.finish_training())
+        # First two calls are DO_TRAIN, third is first NOTHING
+        assert states[:2] == [FitLogicState.DO_TRAIN, FitLogicState.DO_TRAIN]
+        assert states[2] == FitLogicState.NOTHING
+        assert finishes[2] is True
+        assert all(not f for f in finishes[:2])
+        assert all(not f for f in finishes[3:])
+
+    def test_finish_training_not_called_without_training(self) -> None:
+        logic = FitLogic(data_use_configure=None, data_use_training=None)
+        for _ in range(5):
+            logic.run()
+            assert logic.finish_training() is False
+
+    def test_finish_training_not_called_during_training(self) -> None:
+        logic = FitLogic(data_use_configure=None, data_use_training=5)
+        for _ in range(5):
+            state = logic.run()
+            assert state == FitLogicState.DO_TRAIN
+            assert logic.finish_training() is False
+
+    def test_finish_training_not_called_with_keep_training(self) -> None:
+        logic = FitLogic(data_use_configure=None, data_use_training=None)
+        logic.train_state = TrainState.KEEP_TRAINING
+        for _ in range(10):
+            state = logic.run()
+            assert state == FitLogicState.DO_TRAIN
+            assert logic.finish_training() is False
+
+    def test_finish_training_after_configure_and_training(self) -> None:
+        """finish_training fires correctly even when configure phase precedes training."""
+        logic = FitLogic(data_use_configure=2, data_use_training=3)
+        finish_calls = []
+        for _ in range(8):
+            logic.run()
+            finish_calls.append(logic.finish_training())
+        assert finish_calls.count(True) == 1
diff --git a/tests/test_detectors/test_mismatch_warnings.py b/tests/test_detectors/test_mismatch_warnings.py
new file mode 100644
index 0000000..40242b0
--- /dev/null
+++ b/tests/test_detectors/test_mismatch_warnings.py
@@ -0,0 +1,218 @@
+"""Tests for config-data mismatch warnings in detectors.
+
+Covers two warning levels:
+1. Configured EventID never seen in training data.
+2. EventID seen in training data but configured variables not extracted.
+
+Also covers the auto_config=True empty-config warning.
+"""
+
+import logging
+import pytest
+import detectmatelibrary.schemas as schemas
+from detectmatelibrary.detectors.new_value_detector import NewValueDetector
+from detectmatelibrary.detectors.new_value_combo_detector import NewValueComboDetector
+
+
+def _make_parser_schema(
+    event_id: int,
+    variables: list,
+    log_format_variables: dict,
+) -> schemas.ParserSchema:
+    return schemas.ParserSchema({
+        "parserType": "test",
+        "EventID": event_id,
+        "template": "test template",
+        "variables": variables,
+        "logID": "1",
+        "parsedLogID": "1",
+        "parserID": "test_parser",
+        "log": "test log message",
+        "logFormatVariables": log_format_variables,
+    })
+
+
+# ---- Config fixtures --------------------------------------------------------
+
+def _nvd_config(event_id: int, pos: int = 0, header: str | None = None) -> dict:
+    """Build a minimal NewValueDetector config targeting one variable."""
+    instance: dict = {"params": {}}
+    if header is not None:
+        instance["header_variables"] = [{"pos": header, "params": {}}]
+    else:
+        instance["variables"] = [{"pos": pos, "name": f"var_{pos}", "params": {}}]
+    return {
+        "detectors": {
+            "TestDetector": {
+                "method_type": "new_value_detector",
+                "auto_config": False,
+                "params": {},
+                "events": {event_id: {"inst": instance}},
+            }
+        }
+    }
+
+
+# ---- NewValueDetector warning tests -----------------------------------------
+
+class TestNewValueDetectorMismatchWarnings:
+
+    def test_warn_event_id_never_seen(self, caplog: pytest.LogCaptureFixture) -> None:
+        """Warn when configured EventID is not present in training data at
+        all."""
+        detector = NewValueDetector(name="TestDetector", config=_nvd_config(event_id=99))
+        # Train on EventID=1 only — EventID=99 is never seen
+        for _ in range(3):
+            detector.train(_make_parser_schema(1, ["val"], {"status": "ok"}))
+
+        with caplog.at_level(logging.WARNING):
+            detector.post_train()
+
+        assert any("99" in r.message and "never observed" in r.message for r in caplog.records)
+
+    def test_warn_event_id_seen_but_no_variables_extracted(
+        self, caplog: pytest.LogCaptureFixture
+    ) -> None:
+        """Warn when EventID is seen but configured positional variable is out
+        of bounds."""
+        # Config expects var at position 0, but data has empty variables list
+        detector = NewValueDetector(name="TestDetector", config=_nvd_config(event_id=1, pos=0))
+        for _ in range(3):
+            # EventID=1 IS seen, but variables=[] so get_configured_variables returns {}
+            detector.train(_make_parser_schema(1, [], {"status": "ok"}))
+
+        with caplog.at_level(logging.WARNING):
+            detector.post_train()
+
+        assert any(
+            "1" in r.message and "no configured variables were extracted" in r.message
+            for r in caplog.records
+        )
+
+    def test_warn_header_variable_not_in_log_format(
+        self, caplog: pytest.LogCaptureFixture
+    ) -> None:
+        """Warn when EventID is seen but configured header_variable key is
+        absent."""
+        # Config expects header 'Time', but data has only 'status'
+        detector = NewValueDetector(
+            name="TestDetector", config=_nvd_config(event_id=1, header="Time")
+        )
+        for _ in range(3):
+            detector.train(_make_parser_schema(1, [], {"status": "ok"}))
+
+        with caplog.at_level(logging.WARNING):
+            detector.post_train()
+
+        assert any("no configured variables were extracted" in r.message for r in caplog.records)
+
+    def test_no_warning_when_config_matches_data(
+        self, caplog: pytest.LogCaptureFixture
+    ) -> None:
+        """No warning when configured variables are correctly extracted during
+        training."""
+        detector = NewValueDetector(
+            name="TestDetector", config=_nvd_config(event_id=1, header="status")
+        )
+        for _ in range(3):
+            detector.train(_make_parser_schema(1, [], {"status": "ok"}))
+
+        with caplog.at_level(logging.WARNING):
+            detector.post_train()
+
+        assert not any(r.levelno == logging.WARNING for r in caplog.records)
+
+    def test_auto_config_skips_mismatch_check(
+        self, caplog: pytest.LogCaptureFixture
+    ) -> None:
+        """post_train() does not run coverage check for auto_config=True
+        detectors."""
+        detector = NewValueDetector()  # auto_config=True by default
+        # Train on some data — no mismatch check should fire because auto_config=True
+        for _ in range(3):
+            detector.train(_make_parser_schema(1, ["x"], {"status": "ok"}))
+
+        with caplog.at_level(logging.WARNING):
+            detector.post_train()
+
+        mismatch_warnings = [
+            r for r in caplog.records
+            if "never observed" in r.message or "no configured variables" in r.message
+        ]
+        assert not mismatch_warnings
+
+    def test_auto_config_empty_config_warning(
+        self, caplog: pytest.LogCaptureFixture
+    ) -> None:
+        """Warn in set_configuration() when auto_config produces an empty
+        events config."""
+        detector = NewValueDetector()
+        # configure() with no data → auto_conf_persistency is empty → empty config
+        with caplog.at_level(logging.WARNING):
+            detector.set_configuration()
+
+        assert any("empty configuration" in r.message for r in caplog.records)
+
+
+# ---- NewValueComboDetector warning tests ------------------------------------
+
+class TestNewValueComboDetectorMismatchWarnings:
+
+    def test_warn_event_id_never_seen(self, caplog: pytest.LogCaptureFixture) -> None:
+        """Warn when configured EventID is not present in combo detector
+        training data."""
+        config = {
+            "detectors": {
+                "ComboDetector": {
+                    "method_type": "new_value_combo_detector",
+                    "auto_config": False,
+                    "params": {},
+                    "events": {
+                        99: {
+                            "inst": {
+                                "params": {},
+                                "header_variables": [{"pos": "status", "params": {}}],
+                            }
+                        }
+                    },
+                }
+            }
+        }
+        detector = NewValueComboDetector(name="ComboDetector", config=config)
+        for _ in range(3):
+            detector.train(_make_parser_schema(1, ["val"], {"status": "ok"}))
+
+        with caplog.at_level(logging.WARNING):
+            detector.post_train()
+
+        assert any("99" in r.message and "never observed" in r.message for r in caplog.records)
+
+    def test_no_warning_when_config_matches(
+        self, caplog: pytest.LogCaptureFixture
+    ) -> None:
+        """No warning when combo detector config matches training data."""
+        config = {
+            "detectors": {
+                "ComboDetector": {
+                    "method_type": "new_value_combo_detector",
+                    "auto_config": False,
+                    "params": {},
+                    "events": {
+                        1: {
+                            "inst": {
+                                "params": {},
+                                "header_variables": [{"pos": "status", "params": {}}],
+                            }
+                        }
+                    },
+                }
+            }
+        }
+        detector = NewValueComboDetector(name="ComboDetector", config=config)
+        for _ in range(3):
+            detector.train(_make_parser_schema(1, [], {"status": "ok"}))
+
+        with caplog.at_level(logging.WARNING):
+            detector.post_train()
+
+        assert not any(r.levelno == logging.WARNING for r in caplog.records)
diff --git a/tests/test_detectors/test_new_event_detector.py b/tests/test_detectors/test_new_event_detector.py
new file mode 100644
index 0000000..49ece9a
--- /dev/null
+++ b/tests/test_detectors/test_new_event_detector.py
@@ -0,0 +1,254 @@
+"""Tests for NewEventDetector class.
+
+This module tests the NewEventDetector implementation including:
+- Initialization and configuration
+- Training functionality to learn known values
+- Detection logic for new/unknown values
+- Event-specific configuration handling
+- Input/output schema validation
+"""
+
+from detectmatelibrary.detectors.new_event_detector import NewEventDetector  # , BufferMode
+from detectmatelibrary.parsers.template_matcher import MatcherParser
+from detectmatelibrary.helper.from_to import From
+import detectmatelibrary.schemas as schemas
+
+from detectmatelibrary.utils.aux import time_test_mode
+
+
+# Set time test mode for consistent timestamps
+time_test_mode()
+
+
+config = {
+    "detectors": {
+        # "CustomInit": {
+        #     "method_type": "new_event_detector",
+        #     "auto_config": False,
+        #     "params": {},
+        #     "events": {
+        #         1: {
+        #             "instance1": {
+        #                 "params": {},
+        #                 "variables": [{
+        #                     "pos": 0, "name": "sad", "params": {}
+        #                 }]
+        #             }
+        #         }
+        #     }
+        # },
+        # "MultipleDetector": {
+        #     "method_type": "new_event_detector",
+        #     "auto_config": False,
+        #     "params": {},
+        #     "events": {
+        #         1: {
+        #             "test": {
+        #                 "params": {},
+        #                 "variables": [{
+        #                     "pos": 1, "name": "test", "params": {}
+        #                 }],
+        #                 "header_variables": [{
+        #                     "pos": "level", "params": {}
+        #                 }]
+        #             }
+        #         }
+        #     }
+        # },
+        "NewEventDetector": {
+            "method_type": "new_event_detector",
+            "auto_config": False,
+            "params": {},
+            # "events": {
+            #     3: {
+            #         "test": {
+            #             "params": {},
+            #             #"variables": [{
+            #             #    "pos": 1, "name": "test", "params": {}
+            #             #}],
+            #             "header_variables": [{
+            #                 "pos": "Type", "params": {}
+            #             }]
+            #         }
+            #     }
+            # }
+            "events": {}
+        }
+    }
+}
+
+
+# class TestNewEventDetectorInitialization:
+#     """Test NewEventDetector initialization and configuration."""
+#
+#     def test_default_initialization(self):
+#         """Test detector initialization with default parameters."""
+#         detector = NewEventDetector()
+#
+#         assert detector.name == "NewEventDetector"
+#         assert hasattr(detector, 'config')
+#         assert detector.data_buffer.mode == BufferMode.NO_BUF
+#         assert detector.input_schema == schemas.ParserSchema
+#         assert detector.output_schema == schemas.DetectorSchema
+#         assert hasattr(detector, 'persistency')
+#
+#     def test_custom_config_initialization(self):
+#         """Test detector initialization with custom configuration."""
+#         detector = NewEventDetector(name="CustomInit", config=config)
+#
+#         assert detector.name == "CustomInit"
+#         assert hasattr(detector, 'persistency')
+#         assert isinstance(detector.persistency.events_data, dict)
+#
+#
+# class TestNewEventDetectorTraining:
+#     """Test NewEventDetector training functionality."""
+#
+#     def test_train_multiple_values(self):
+#         """Test training with multiple different values."""
+#         detector = NewEventDetector(config=config, name="MultipleDetector")
+#         # Train with multiple values (only event 1 should be tracked per config)
+#         for event in range(3):
+#             for level in ["INFO", "WARNING", "ERROR"]:
+#                 parser_data = schemas.ParserSchema({
+#                     "parserType": "test",
+#                     "EventID": event,
+#                     "template": "test template",
+#                     "variables": ["0", "assa"],
+#                     "logID": "1",
+#                     "parsedLogID": "1",
+#                     "parserID": "test_parser",
+#                     "log": "test log message",
+#                     "logFormatVariables": {"level": level}
+#                 })
+#                 detector.train(parser_data)
+#
+#         # Only event 1 should be tracked (based on events config)
+#         assert len(detector.persistency.events_data) == 1
+#         event_data = detector.persistency.get_event_data(1)
+#         assert event_data is not None
+#         # Check the level values
+#         assert "INFO" in event_data["level"].unique_set
+#         assert "WARNING" in event_data["level"].unique_set
+#         assert "ERROR" in event_data["level"].unique_set
+#         # Check the variable at position 1 (named "test")
+#         assert "assa" in event_data["test"].unique_set
+#
+#
+# class TestNewEventDetectorDetection:
+#     """Test NewEventDetector detection functionality."""
+#
+#     def test_detect_known_value_no_alert(self):
+#         detector = NewEventDetector(config=config, name="MultipleDetector")
+#
+#         # Train with a value
+#         train_data = schemas.ParserSchema({
+#             "parserType": "test",
+#             "EventID": 1,
+#             "template": "test template",
+#             "variables": ["adsasd", "asdasd"],
+#             "logID": "1",
+#             "parsedLogID": "1",
+#             "parserID": "test_parser",
+#             "log": "test log message",
+#             "logFormatVariables": {"level": "INFO"}
+#         })
+#         detector.train(train_data)
+#
+#         # Detect with the same value
+#         test_data = schemas.ParserSchema({
+#             "parserType": "test",
+#             "EventID": 12,
+#             "template": "test template",
+#             "variables": ["adsasd"],
+#             "logID": "2",
+#             "parsedLogID": "2",
+#             "parserID": "test_parser",
+#             "log": "test log message",
+#             "logFormatVariables": {"level": "CRITICAL"}
+#         })
+#         output = schemas.DetectorSchema()
+#
+#         result = detector.detect(test_data, output)
+#
+#         assert not result
+#         assert output.score == 0.0
+#
+#     def test_detect_known_value_alert(self):
+#         detector = NewEventDetector(config=config, name="MultipleDetector")
+#
+#         # Train with a value
+#         train_data = schemas.ParserSchema({
+#             "parserType": "test",
+#             "EventID": 1,
+#             "template": "test template",
+#             "variables": ["adsasd", "asdasd"],
+#             "logID": "1",
+#             "parsedLogID": "1",
+#             "parserID": "test_parser",
+#             "log": "test log message",
+#             "logFormatVariables": {"level": "INFO"}
+#         })
+#         detector.train(train_data)
+#
+#         # Detect with the same value
+#         test_data = schemas.ParserSchema({
+#             "parserType": "test",
+#             "EventID": 1,
+#             "template": "test template",
+#             "variables": ["adsasd", "asdasd"],
+#             "logID": "2",
+#             "parsedLogID": "2",
+#             "parserID": "test_parser",
+#             "log": "test log message",
+#             "logFormatVariables": {"level": "CRITICAL"}
+#         })
+#         output = schemas.DetectorSchema()
+#
+#         result = detector.detect(test_data, output)
+#
+#         assert result
+#         assert output.score == 1.0
+#
+#
+_PARSER_CONFIG = {
+    "parsers": {
+        "MatcherParser": {
+            "method_type": "matcher_parser",
+            "auto_config": False,
+            "log_format": "type=<Type> msg=audit(<Time>:*): <Content>",
+            "time_format": None,
+            "params": {
+                "remove_spaces": True,
+                "remove_punctuation": True,
+                "lowercase": True,
+                "path_templates": "tests/test_folder/audit_templates.txt",
+            },
+        }
+    }
+}
+
+
+class TestNewEventDetectorEndToEnd:
+    """Regression test: full configure/train/detect pipeline on audit.log."""
+
+    def test_audit_log_anomalies(self):
+        parser = MatcherParser(config=_PARSER_CONFIG)
+        detector = NewEventDetector(config=config, name="NewEventDetector")
+
+        logs = list(From.log(parser, in_path="tests/test_folder/audit.log", do_process=True))
+
+        for log in logs[:1800]:
+            detector.configure(log)
+        detector.set_configuration()
+
+        for log in logs[:1800]:
+            detector.train(log)
+
+        detected_ids: set[str] = set()
+        for log in logs[1800:]:
+            output = schemas.DetectorSchema()
+            if detector.detect(log, output_=output):
+                detected_ids.add(log["logID"])
+
+        # assert detected_ids == {'1859', '1860', '1861', '1862', '1864', '1865', '1866', '1867'}
diff --git a/tests/test_detectors/test_new_value_combo_detector.py b/tests/test_detectors/test_new_value_combo_detector.py
index af45bd7..d3c123a 100644
--- a/tests/test_detectors/test_new_value_combo_detector.py
+++ b/tests/test_detectors/test_new_value_combo_detector.py
@@ -9,8 +9,6 @@
 
 from detectmatelibrary.utils.aux import time_test_mode
 
-import pytest
-
 # Set time test mode for consistent timestamps
 time_test_mode()
 
@@ -21,7 +19,7 @@
             "method_type": "new_value_combo_detector",
             "auto_config": False,
             "params": {
-                "comb_size": 4
+                "max_combo_size": 4
             },
             "events": {
                 1: {
@@ -38,7 +36,7 @@
             "method_type": "new_value_combo_detector",
             "auto_config": False,
             "params": {
-                "comb_size": 2
+                "max_combo_size": 2
             },
             "events": {
                 1: {
@@ -72,7 +70,7 @@ def test_custom_config_initialization(self):
         detector = NewValueComboDetector(name="CustomInit", config=config)
 
         assert detector.name == "CustomInit"
-        assert detector.config.comb_size == 4
+        assert detector.config.max_combo_size == 4
 
 
 class TestNewValueComboDetectorTraining:
@@ -215,14 +213,14 @@ def test_generate_detector_config_basic(self):
             variable_selection=variable_selection,
             detector_name="TestDetector",
             method_type="new_value_combo_detector",
-            comb_size=2
+            max_combo_size=2
         )
 
         assert "detectors" in config_dict
         assert "TestDetector" in config_dict["detectors"]
         detector_config = config_dict["detectors"]["TestDetector"]
         assert detector_config["method_type"] == "new_value_combo_detector"
-        assert detector_config["params"]["comb_size"] == 2
+        assert detector_config["params"]["max_combo_size"] == 2
         assert len(detector_config["events"]) == 1
 
     def test_generate_detector_config_multiple_events(self):
@@ -291,7 +289,7 @@ def test_set_configuration_updates_config(self):
 
         # Verify config was updated
         assert detector.config.events is not None
-        assert detector.config.comb_size == 2
+        assert detector.config.max_combo_size == 2
 
     def test_configuration_workflow(self):
         """Test complete configuration workflow like in notebook."""
@@ -362,8 +360,8 @@ def test_set_configuration_with_combo_size(self):
         # Set configuration with specific combo size
         detector.set_configuration(max_combo_size=4)
 
-        # Verify comb_size was updated
-        assert detector.config.comb_size == 4
+        # Verify max_combo_size was updated
+        assert detector.config.max_combo_size == 4
 
     def test_configuration_with_no_stable_variables(self):
         """Test configuration when no stable variables are found."""
@@ -551,14 +549,8 @@ def test_configure_only_selects_stable_event_types(self):
         "MatcherParser": {
             "method_type": "matcher_parser",
             "auto_config": False,
-            "log_format": "type=<Type> msg=audit\\(<Time>\\): <Content>",
-            "time_format": None,
-            "params": {
-                "remove_spaces": True,
-                "remove_punctuation": True,
-                "lowercase": True,
-                "path_templates": "tests/test_folder/audit_templates.txt",
-            },
+            "log_format": "type=<Type> msg=audit(<Time>): <Content>",
+            "params": {"path_templates": "tests/test_folder/audit_templates.txt"},
         }
     }
 }
@@ -566,7 +558,6 @@ def test_configure_only_selects_stable_event_types(self):
 
 class TestNewValueComboDetectorEndToEndWithRealData:
     """Regression test: full configure/train/detect pipeline on audit.log."""
-    @pytest.mark.skip(reason="no way of currently testing this")
     def test_audit_log_anomalies(self):
         parser = MatcherParser(config=_PARSER_CONFIG)
         detector = NewValueComboDetector()
@@ -586,4 +577,4 @@ def test_audit_log_anomalies(self):
             if detector.detect(log, output_=output):
                 detected_ids.add(log["logID"])
 
-        print(detected_ids)
+        assert detected_ids == {"1859", "1862", "1865", "1866"}
diff --git a/tests/test_detectors/test_new_value_detector.py b/tests/test_detectors/test_new_value_detector.py
index 99dcc95..f0918d3 100644
--- a/tests/test_detectors/test_new_value_detector.py
+++ b/tests/test_detectors/test_new_value_detector.py
@@ -20,8 +20,6 @@
 
 from detectmatelibrary.utils.aux import time_test_mode
 
-import pytest
-
 # Set time test mode for consistent timestamps
 time_test_mode()
 
@@ -245,7 +243,6 @@ class TestNewValueDetectorAutoConfig:
     """Test that process() drives configure/set_configuration/train/detect
     automatically."""
 
-    @pytest.mark.skip(reason="This test is too late")
     def test_audit_log_anomalies_via_process(self):
         parser = MatcherParser(config=_PARSER_CONFIG)
         detector = NewValueDetector()
@@ -278,7 +275,6 @@ def test_audit_log_anomalies_via_process(self):
 class TestNewValueDetectorGlobalInstances:
     """Tests event-ID-independent global instance detection."""
 
-    @pytest.mark.skip(reason="This test is too late")
     def test_global_instance_detects_new_type(self):
         """Global instance monitoring Type detects CRED_REFR, USER_AUTH,
         USER_CMD which only appear after the training window (line 1800+)."""
diff --git a/tests/test_folder/test_config.yaml b/tests/test_folder/test_config.yaml
index ff679b1..0c38f27 100644
--- a/tests/test_folder/test_config.yaml
+++ b/tests/test_folder/test_config.yaml
@@ -165,3 +165,35 @@ detectors:
     method_type: new_value_combo_detector
     parser: example_parser_1
     auto_config: true
+
+  detector_named_pos:
+    method_type: ExampleDetector
+    parser: example_parser_1
+    auto_config: false
+    params: {}
+    events:
+      1:  # positional event_id; named wildcards in .txt templates use int event keys
+        example_detector_1:
+          params: {}
+          variables:
+            - pos: pid  # named label; no 'name' field needed
+            - pos: op
+              params:
+                threshold: 0.5
+          header_variables:
+            - pos: Level
+              params:
+                threshold: 0.2
+
+  detector_named_event_id:
+    method_type: ExampleDetector
+    parser: example_parser_1
+    auto_config: false
+    params: {}
+    events:
+      login_failure:  # named event_id; only valid for CSV templates with an EventId column
+        example_detector_1:
+          params: {}
+          variables:
+            - pos: pid
+            - pos: uid
diff --git a/tests/test_folder/test_named_templates.csv b/tests/test_folder/test_named_templates.csv
new file mode 100644
index 0000000..3ce1622
--- /dev/null
+++ b/tests/test_folder/test_named_templates.csv
@@ -0,0 +1,2 @@
+EventId,EventTemplate
+login_failure,"pid=<pid> uid=<uid> auid=<auid> ses=<ses> msg='op=PAM:<op> acct=<acct>"
diff --git a/tests/test_folder/test_named_templates.txt b/tests/test_folder/test_named_templates.txt
new file mode 100644
index 0000000..1ef130f
--- /dev/null
+++ b/tests/test_folder/test_named_templates.txt
@@ -0,0 +1 @@
+pid=<pid> uid=<uid> auid=<auid> ses=<ses> msg='op=PAM:<op> acct=<acct>
diff --git a/tests/test_parsers/test_template_matcher.py b/tests/test_parsers/test_template_matcher.py
index c5c892e..9e5cf5c 100644
--- a/tests/test_parsers/test_template_matcher.py
+++ b/tests/test_parsers/test_template_matcher.py
@@ -3,6 +3,8 @@
 from detectmatelibrary.parsers.template_matcher import (
     MatcherParser, MatcherParserConfig, TemplatesNotFoundError
 )
+from detectmatelibrary.parsers.template_matcher._parser import _compile_templates
+from detectmatelibrary.common._config._formats import EventsConfig
 from detectmatelibrary import schemas
 
 test_template = [
@@ -13,6 +15,24 @@
 
 
 class TestMatcherParserBasic:
+    def test_no_path_templates(self):
+        config_dict = {
+            "parsers": {
+                "MatcherParser": {
+                    "auto_config": True,
+                    "method_type": "matcher_parser",
+                }
+            }
+        }
+        parser = MatcherParser(name="MatcherParser", config=config_dict)
+        input_log = schemas.LogSchema({"log": test_log_match})
+        output_data = schemas.ParserSchema()
+        parser.parse(input_log, output_data)
+
+        assert output_data.template == "<Not Found>"
+        assert output_data.EventID == -1
+        assert output_data.variables == []
+
     def test_templates_not_found(self):
         config_dict = {
             "parsers": {
@@ -77,3 +97,147 @@ def test_custom_preprocessing_flags(self):
         parser.parse(input_log, output_data)
         # Still matches template even with preprocessing disabled
         assert output_data.template == test_template[0]
+
+
+class TestCompileTemplates:
+    def test_named_wildcards_compiled_to_anon(self):
+        raw = ["pid=<pid> uid=<uid> auid=<auid>"]
+        compiled, metadata = _compile_templates(raw)
+        assert compiled == ["pid=<*> uid=<*> auid=<*>"]
+        assert metadata[0]["labels"] == ["pid", "uid", "auid"]
+        assert metadata[0]["event_id_label"] is None
+
+    def test_anonymous_wildcards_unchanged(self):
+        raw = ["pid=<*> uid=<*>"]
+        compiled, metadata = _compile_templates(raw)
+        assert compiled == ["pid=<*> uid=<*>"]
+        assert metadata[0]["labels"] == []
+        assert metadata[0]["event_id_label"] is None
+
+    def test_event_id_label_stored(self):
+        raw = ["pid=<pid> uid=<uid>"]
+        eid_labels: list[str | None] = ["login_failure"]
+        compiled, metadata = _compile_templates(raw, eid_labels)
+        assert compiled == ["pid=<*> uid=<*>"]
+        assert metadata[0]["event_id_label"] == "login_failure"
+        assert metadata[0]["labels"] == ["pid", "uid"]
+
+    def test_mixing_raises_value_error(self):
+        raw = ["pid=<*> uid=<uid>"]
+        with pytest.raises(ValueError, match="mixes"):
+            _compile_templates(raw)
+
+    def test_multiple_templates(self):
+        raw = ["pid=<pid> uid=<uid>", "arch=<*> syscall=<*>"]
+        compiled, metadata = _compile_templates(raw)
+        assert compiled[0] == "pid=<*> uid=<*>"
+        assert compiled[1] == "arch=<*> syscall=<*>"
+        assert metadata[0]["labels"] == ["pid", "uid"]
+        assert metadata[1]["labels"] == []
+
+
+class TestNamedWildcardsTxt:
+    """Named wildcards in .txt template files (event IDs remain positional)."""
+
+    named_template_compiled = "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=PAM:<*> acct=<*>"
+
+    def test_match_produces_correct_variables(self):
+        config = MatcherParserConfig(path_templates="tests/test_folder/test_named_templates.txt")
+        parser = MatcherParser(name="MatcherParser", config=config)
+        input_log = schemas.LogSchema({"log": test_log_match})
+        output_data = schemas.ParserSchema()
+        parser.parse(input_log, output_data)
+
+        assert output_data.template == self.named_template_compiled
+        assert output_data.EventID == 0
+        assert len(output_data.variables) == 6
+
+    def test_compile_resolves_named_positions(self):
+        config = MatcherParserConfig(path_templates="tests/test_folder/test_named_templates.txt")
+        parser = MatcherParser(name="MatcherParser", config=config)
+
+        raw_events: dict = {
+            0: {
+                "my_detector": {
+                    "params": {},
+                    "variables": [
+                        {"pos": "pid"},
+                        {"pos": "op"},
+                    ]
+                }
+            }
+        }
+        events_config = EventsConfig._init(raw_events)
+        compiled = parser.template_matcher.compile_detector_config(events_config)
+
+        # pid is label 0 → pos 0; op is label 4 → pos 4
+        resolved_vars = compiled.events[0].variables
+        assert 0 in resolved_vars
+        assert resolved_vars[0].name == "pid"
+        assert 4 in resolved_vars
+        assert resolved_vars[4].name == "op"
+
+    def test_compile_unknown_label_raises(self):
+        config = MatcherParserConfig(path_templates="tests/test_folder/test_named_templates.txt")
+        parser = MatcherParser(name="MatcherParser", config=config)
+
+        raw_events: dict = {
+            0: {"d": {"params": {}, "variables": [{"pos": "nonexistent"}]}}
+        }
+        events_config = EventsConfig._init(raw_events)
+        with pytest.raises(ValueError, match="nonexistent"):
+            parser.template_matcher.compile_detector_config(events_config)
+
+
+class TestNamedEventIdCsv:
+    """Named event IDs via CSV EventId column."""
+
+    named_template_compiled = "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=PAM:<*> acct=<*>"
+
+    def test_match_produces_correct_variables(self):
+        config = MatcherParserConfig(path_templates="tests/test_folder/test_named_templates.csv")
+        parser = MatcherParser(name="MatcherParser", config=config)
+        input_log = schemas.LogSchema({"log": test_log_match})
+        output_data = schemas.ParserSchema()
+        parser.parse(input_log, output_data)
+
+        assert output_data.template == self.named_template_compiled
+        assert output_data.EventID == 0
+        assert len(output_data.variables) == 6
+
+    def test_compile_resolves_named_event_key(self):
+        config = MatcherParserConfig(path_templates="tests/test_folder/test_named_templates.csv")
+        parser = MatcherParser(name="MatcherParser", config=config)
+
+        raw_events: dict = {
+            "login_failure": {
+                "my_detector": {
+                    "params": {},
+                    "variables": [
+                        {"pos": "pid"},
+                        {"pos": "uid"},
+                    ]
+                }
+            }
+        }
+        events_config = EventsConfig._init(raw_events)
+        compiled = parser.template_matcher.compile_detector_config(events_config)
+
+        # "login_failure" → int key 0
+        assert 0 in compiled.events
+        resolved_vars = compiled.events[0].variables
+        assert 0 in resolved_vars and resolved_vars[0].name == "pid"
+        assert 1 in resolved_vars and resolved_vars[1].name == "uid"
+
+    def test_positional_int_event_key_still_works(self):
+        config = MatcherParserConfig(path_templates="tests/test_folder/test_named_templates.csv")
+        parser = MatcherParser(name="MatcherParser", config=config)
+
+        raw_events: dict = {
+            0: {"d": {"params": {}, "variables": [{"pos": 0, "name": "process_id"}]}}
+        }
+        events_config = EventsConfig._init(raw_events)
+        compiled = parser.template_matcher.compile_detector_config(events_config)
+
+        assert 0 in compiled.events
+        assert compiled.events[0].variables[0].name == "process_id"
diff --git a/tests/test_pipelines/test_configuration_engine.py b/tests/test_pipelines/test_configuration_engine.py
index 875b489..272ae90 100644
--- a/tests/test_pipelines/test_configuration_engine.py
+++ b/tests/test_pipelines/test_configuration_engine.py
@@ -2,7 +2,6 @@
 from detectmatelibrary.parsers.template_matcher import MatcherParser
 from detectmatelibrary.helper.from_to import From
 
-import pytest
 import json
 
 AUDIT_LOG = "tests/test_folder/audit.log"
@@ -33,7 +32,6 @@ def load_expected_anomaly_ids() -> set[str]:
 
 class TestConfigurationEngineManual:
     """Mirrors the manual flow in 05_configuration_engine/detect.py."""
-    @pytest.mark.skip(reason="no way of currently testing this")
     def test_configure_train_detect(self) -> None:
         parser = MatcherParser(config=parser_config)
         detector = NewValueDetector()
@@ -60,7 +58,6 @@ def test_configure_train_detect(self) -> None:
 class TestConfigurationEngineAutomatic:
     """Tests the automated configure phase via process()."""
 
-    @pytest.mark.skip(reason="no way of currently testing this")
     def test_process_configure_train_detect(self) -> None:
         parser = MatcherParser(config=parser_config)
         config = NewValueDetectorConfig(data_use_configure=TRAIN_UNTIL)
diff --git a/tests/test_utils/test_aux.py b/tests/test_utils/test_aux.py
index 52c4466..6ef9545 100644
--- a/tests/test_utils/test_aux.py
+++ b/tests/test_utils/test_aux.py
@@ -4,8 +4,6 @@
 from datetime import datetime
 from time import sleep
 
-import pytest
-
 
 class TestTimestamp:
     def test_test_mode(self) -> None:
@@ -16,7 +14,6 @@ def test_no_test_mode(self) -> None:
         time_test_mode(False)
         assert get_timestamp() != 0
 
-    @pytest.mark.skip(reason="This test is too slow")
     def test_get_timestamp(self) -> None:
         time = get_timestamp()
         sleep(1)
diff --git a/tests/test_utils/test_events_seen.py b/tests/test_utils/test_events_seen.py
new file mode 100644
index 0000000..62467e3
--- /dev/null
+++ b/tests/test_utils/test_events_seen.py
@@ -0,0 +1,66 @@
+"""Tests for EventPersistency.events_seen tracking."""
+
+from detectmatelibrary.utils.persistency.event_persistency import EventPersistency
+from detectmatelibrary.utils.persistency.event_data_structures.trackers import EventStabilityTracker
+
+
+class TestEventsSeen:
+    """Test that events_seen tracks all event IDs passed to ingest_event()."""
+
+    def setup_method(self) -> None:
+        self.persistency = EventPersistency(event_data_class=EventStabilityTracker)
+
+    def test_events_seen_recorded_on_early_return(self) -> None:
+        """Event ID is tracked even when variables are empty (early-return
+        path)."""
+        self.persistency.ingest_event(
+            event_id="E1",
+            event_template="some template",
+            variables=[],
+            named_variables={}
+        )
+        assert "E1" in self.persistency.get_events_seen()
+        assert "E1" not in self.persistency.get_events_data()
+
+    def test_events_seen_recorded_with_data(self) -> None:
+        """Event ID is tracked when variables are present."""
+        self.persistency.ingest_event(
+            event_id="E2",
+            event_template="some template",
+            named_variables={"status": "ok"}
+        )
+        assert "E2" in self.persistency.get_events_seen()
+        assert "E2" in self.persistency.get_events_data()
+
+    def test_events_seen_not_duplicated(self) -> None:
+        """Repeated calls for the same event ID produce a single entry."""
+        for _ in range(5):
+            self.persistency.ingest_event(
+                event_id=42,
+                event_template="t",
+                named_variables={"x": "v"}
+            )
+        assert len(self.persistency.get_events_seen()) == 1
+        assert 42 in self.persistency.get_events_seen()
+
+    def test_events_seen_tracks_multiple_ids(self) -> None:
+        """Multiple distinct event IDs are all tracked."""
+        for eid in [1, 2, 3]:
+            self.persistency.ingest_event(
+                event_id=eid,
+                event_template="t",
+                named_variables={"x": str(eid)}
+            )
+        assert self.persistency.get_events_seen() == {1, 2, 3}
+
+    def test_get_events_seen_returns_set(self) -> None:
+        """get_events_seen() returns a set."""
+        result = self.persistency.get_events_seen()
+        assert isinstance(result, set)
+
+    def test_events_seen_mixed_empty_and_nonempty(self) -> None:
+        """Events seen with and without data are both in events_seen."""
+        self.persistency.ingest_event(event_id=1, event_template="t")
+        self.persistency.ingest_event(event_id=2, event_template="t", named_variables={"k": "v"})
+        assert {1, 2} == self.persistency.get_events_seen()
+        assert set(self.persistency.get_events_data().keys()) == {2}
diff --git a/tests/test_utils/test_stability_tracking.py b/tests/test_utils/test_stability_tracking.py
index 1b92a8d..c36b34b 100644
--- a/tests/test_utils/test_stability_tracking.py
+++ b/tests/test_utils/test_stability_tracking.py
@@ -290,7 +290,7 @@ def test_get_stable_variables(self):
                 "random_var": f"unique_{i}",
             })
 
-        stable_vars = trackers.get_variables_by_classification("STABLE")
+        stable_vars = trackers.get_features_by_classification("STABLE")
         assert isinstance(stable_vars, list)
         # "stable_var" should be classified as STATIC
 
@@ -360,7 +360,7 @@ def test_get_stable_variables(self):
                 "random_var": f"unique_{i}",
             })
 
-        stable_vars = evt.get_variables_by_classification("STABLE")
+        stable_vars = evt.get_features_by_classification("STABLE")
         assert isinstance(stable_vars, list)
 
     def test_integration_with_stability_tracker(self):
@@ -377,7 +377,7 @@ def test_integration_with_stability_tracker(self):
 
         # Get data and variables
         var_names = evt.get_variables()
-        stable_vars = evt.get_variables_by_classification("STABLE")
+        stable_vars = evt.get_features_by_classification("STABLE")
 
         assert len(var_names) == 3
         assert isinstance(stable_vars, list)
@@ -529,7 +529,7 @@ def test_event_variable_tracker_real_world_scenario(self):
             })
 
         var_names = evt.get_variables()
-        stable_vars = evt.get_variables_by_classification("STABLE")
+        stable_vars = evt.get_features_by_classification("STABLE")
 
         assert len(var_names) == 5
         assert isinstance(stable_vars, list)