Interpreting categorized change information in order to build and maintain change catalogs
Abstract
Methods, systems, and articles for receiving, by a monitor server, change data associated with a change captured on a target host, are described herein. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Further, in some embodiments, the monitor server may then group the change data into clusters and may correlate the clusters with a change catalog in order to provide a possible reason or cause for the cluster of changes. Once the change data have been classified as clusters, a report may be generated providing classification or categorization and cluster information for the various changes. In various embodiments, the generating may comprise generating a report to the target host and/or to an administrative user. In various embodiments, a reason may be determined for causing a cluster of changes and the change catalog may be updated with the reason.
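The cluster, correlate and catalog-update flow described in the abstract, sketched as an added example (not code from the patent or from any product). The time-gap clustering, the prefix-coverage matching, the tuple shapes and the sample records are all assumptions made for illustration.

```python
from collections import namedtuple

# Change fields follow claim 3 plus an assumed timestamp; CatalogEntry is a
# hypothetical record shape (prefixes = element-name prefixes an expected change touches).
Change = namedtuple("Change", "ts host rule element data")
CatalogEntry = namedtuple("CatalogEntry", "reason prefixes")

def cluster(changes, gap=120):
    """Group each host's changes into runs separated by more than `gap` seconds."""
    clusters, current = [], {}
    for c in sorted(changes, key=lambda c: (c.host, c.ts)):
        run = current.get(c.host)
        if run and c.ts - run[-1].ts <= gap:
            run.append(c)
        else:
            current[c.host] = run = [c]
            clusters.append(run)
    return clusters

def correlate(clusters, catalog, min_cover=0.8):
    """Pair every cluster with the best-covering catalog reason, or None."""
    results = []
    for run in clusters:
        best = (0.0, None)
        for entry in catalog:
            cover = sum(c.element.startswith(entry.prefixes) for c in run) / len(run)
            if cover >= min_cover and cover > best[0]:
                best = (cover, entry.reason)
        results.append((run, best[1]))
    return results

def learn(catalog, run, reason):
    """Add a reason for an unexplained cluster, keyed on the directories it touched."""
    dirs = {c.element.rsplit("/", 1)[0] + "/" for c in run}
    catalog.append(CatalogEntry(reason, tuple(sorted(dirs))))

# Constructed sample data: one patch window and one unexplained burst.
CHANGES = [
    Change(1000, "web01", "bin-hash", "/usr/lib/libssl.so.3", "sha256:aa"),
    Change(1030, "web01", "bin-hash", "/usr/bin/openssl", "sha256:bb"),
    Change(5000, "web01", "cfg-diff", "/etc/ssh/sshd_config", "MaxAuthTries 3"),
    Change(5020, "web01", "cfg-diff", "/etc/ssh/ssh_config", "sha256:cc"),
]
CATALOG = [CatalogEntry("openssl package update", ("/usr/lib/", "/usr/bin/"))]
```

A learned entry classifies every later matching cluster as expected, so the reason passed to `learn` should come from a reviewed change record rather than being accepted automatically.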
22 Claims
1. A method comprising:
receiving at least one change catalog by a monitor server, wherein the at least one change catalog comprises information related to an expected change to a target host;
receiving, by the monitor server, change data associated with a plurality of changes captured on the target host, the target host providing the change data in response to detecting the plurality of changes;
analyzing, by the monitor server, the change data in order to group the change data into clusters of potentially related changes; and
correlating, by the monitor server, the clusters with the at least one change catalog in order to classify at least one of the clusters as being related to the expected change to the target host;
determining, for at least one other cluster not included within the at least one of the clusters, at least one other reason for the plurality of changes; and
updating the at least one change catalog with the at least one other reason.

2. The method of claim 1, further comprising:
in response to receiving the change data, generating, by the monitor server, an event; and
performing said determining in response to the generated event.

3. The method of claim 1, wherein the change data includes a rule that generated the change, an identification of the target host, a name of a data element associated with the change, and element data associated with the change.

4. The method of claim 1, further comprising filtering, by the monitor server, the received change data and conditionally performing the determining based on a result of the filtering.

5. The method of claim 1, further comprising generating a report, wherein the report relates to the correlation of the clusters.

6. The method of claim 1, further comprising:
determining, by the monitor server, whether the change data violates one or more compliance policies; and
generating, by the monitor server, one or more test results based at least on the results of the determining.

7. The method of claim 6, wherein each compliance policy includes one or more of a rule, a change name, one or more waivers from the policy, and an expression for evaluating the change data.

8. The method of claim 6, further comprising filtering, by the monitor server, the received change data and performing the determining based on a result of the filtering.

9. The method of claim 6, wherein the determining comprises evaluating an expression of at least one of the compliance policies against element data specified in the change data.

10. The method of claim 6, further comprising:
analyzing, by the monitor server, the one or more test results in order to group the one or more test results into test result clusters; and
correlating, by the monitor server, the test result clusters with the at least one change catalog in order to classify at least one of the test result clusters as being related to the expected change to the target host.

11. The method of claim 10, further comprising generating a report, wherein the report relates to the correlation of the test result clusters.

12. A monitor server comprising:
a processor;
a change database for storing change data associated with a plurality of changes captured on a target host, the target host providing the change data in response to detecting the plurality of changes; and
logic communicatively coupled to the change database and to be operated by the processor to:
receive the change data from a target host computer;
store the change data in the change database;
analyze the change data in order to group the change data into clusters;
retrieve at least one change catalog, wherein the at least one change catalog comprises information related to an expected change to the target host computer;
correlate the clusters with the at least one change catalog in order to classify at least one of the clusters as being related to the expected change to the target host computer;
determine, for at least one other cluster not included within the at least one of the clusters, at least one other reason for the plurality of changes; and
update the at least one change catalog with the at least one other reason.

13. The monitor server of claim 12, wherein the at least one change catalog is located within the change database.

14. The monitor server of claim 13, wherein the logic is further to:
classify the clusters relating to a potential reason for the plurality of changes by inferring a categorization for at least some of the clusters based upon at least one known enterprise change.

15. The monitor server of claim 13, wherein the logic is further to:
in response to receiving the change data, generate an event; and
perform said determine in response to the generated event.

16. The monitor server of claim 12, wherein the logic is further to:
determine whether the change data violates one or more compliance policies; and
generate one or more test results based at least on the results of the determining.

17. The monitor server of claim 16, wherein the one or more compliance policies ensure that the target host is in compliance with one or more standards.

18. The monitor server of claim 16, wherein the logic is further to:
filter the received change data and perform the determining based on a result of the filtering.

19. The monitor server of claim 16, wherein the logic is further to:
evaluate an expression of at least one of the compliance policies against element data specified in the change data.

20. The monitor server of claim 16, wherein the logic is further to:
analyze the one or more test results in order to group the one or more test results into test result clusters; and
correlate the test result clusters with at least one change catalog in order to classify at least one of the test result clusters as being related to the expected change to the target host.

21. The monitor server of claim 20, wherein the logic is further to:
generate a report, wherein the report relates to the correlation of the test result clusters.

22. A non-transitory computer-readable storage medium storing a plurality of programming instructions that, when executed by a computing device, cause the computing device to perform operations, the operations comprising:
receive change data associated with a plurality of changes captured on a target host, the target host providing the change data in response to detecting the plurality of changes, wherein the change data includes one or more rules, settings, and/or parameters;
analyze the change data in order to group the change data into clusters;
retrieve at least one change catalog, wherein the at least one change catalog comprises information related to an expected change to the target host;
correlate the clusters with the at least one change catalog in order to classify at least one of the clusters as being related to the expected change to the target host;
determine, for at least one other cluster not included within the at least one of the clusters, at least one other reason for the plurality of changes; and
update the at least one change catalog with the at least one other reason.

Specification