System and method for automated detection of anomalies in the values of configuration item parameters
First Claim
1. A method of analyzing and prioritizing configuration parameters in an information technology system, comprising:
- collecting configuration parameters from computer stations connected in a network implementing the information technology system;
- storing the collected configuration parameters in a database;
- analyzing the configuration parameters by a set of anomaly routines, wherein each anomaly routine checks for a specific type of anomaly and provides a score representing a level of conformity of the value of the configuration parameters to the anomaly;
- aggregating the anomaly scores;
- outputting a list of configuration parameters with an aggregated anomaly score;
- wherein the anomaly routines include identifying a delta anomaly that estimates if the value of the configuration parameter is in an expected range of values;
- wherein the expected range of values is obtained based on the values of the same configuration parameter in other stations of the network; and/or
- wherein the anomaly routines include identifying a policy violation anomaly that verifies that the value of the configuration parameter does not violate a user specified rule.
Abstract
A method for analyzing and prioritizing configuration parameters in an information technology system, including collecting configuration parameters from computer stations connected in a network implementing the information technology system, storing the collected configuration parameters in a database, analyzing the configuration parameters by a set of anomaly routines, wherein each anomaly routine checks for a specific type of anomaly and provides a score representing a level of conformity of the value of the configuration parameters to the anomaly, aggregating the anomaly scores; and outputting a list of configuration parameters with an aggregated anomaly score.
20 Claims
14. A method of analyzing and prioritizing configuration parameters in an information technology system, comprising:
- collecting configuration parameters from computer stations connected in a network implementing the information technology system;
- storing the collected configuration parameters in a database;
- analyzing the configuration parameters by a set of anomaly routines, wherein each anomaly routine checks for a specific type of anomaly and provides a score representing a level of conformity of the value of the configuration parameters to the anomaly;
- aggregating the anomaly scores;
- outputting a list of configuration parameters with an aggregated anomaly score;
- wherein the analyzing further comprises:
- comparing the values of configuration parameters of a station from a later time with previous values of configuration parameters of the station;
- determining changes in the configuration parameters by said comparing;
- analyzing the determined changes by a set of anomaly routines, wherein each anomaly routine checks for a specific type of anomaly and provides a score representing the level of conformity of the changes in the configuration parameters to the anomaly;
- wherein the anomaly routines include comparing the data type of the previous value to the data type of the value at the later time and identifying an anomaly if the data type changed;
- wherein a data type change from a numerical value to a non-numerical value or vice versa is more severe and is designated by a higher anomaly score than a change from one numerical representation to another.
15. A system for analyzing and prioritizing configuration parameters of applications in an information technology system, comprising:
- an agent application configured to collect configuration parameters of applications executed on computer stations connected in a network implementing the information technology system;
- a database configured to store the collected configuration parameters;
- a server computer configured to execute a program that analyzes the configuration parameters by a set of anomaly routines, wherein each anomaly routine checks for a specific type of anomaly and provides a score representing a level of conformity of the value of the configuration parameter to the anomaly;
- aggregating the anomaly scores; and
- outputting a list of configuration parameters with an aggregated anomaly score;
- wherein the anomaly routines include identifying a delta anomaly that estimates if the value of the configuration parameter is in an expected range of values;
- wherein the expected range of values is obtained based on the values of the same configuration parameter in other stations of the network; and/or
- wherein the anomaly routines include identifying a policy violation anomaly that verifies that the value of the configuration parameter does not violate a user specified rule.
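The following sketch is an added illustration of the routines named in claims 1 and 14 (delta anomaly against peer stations, policy violation, data type change) with summed scores and a ranked output; it is not code from the patent. The score values (0.3 and 1.0), the relative-gap formula, summation as the aggregation, and the station and parameter names are all assumptions made for the example.

```python
def kind(v):
    """Classify a raw config string as 'int', 'float' or 'text'."""
    for name, cast in (("int", int), ("float", float)):
        try:
            cast(v)
            return name
        except ValueError:
            pass
    return "text"

def delta_score(value, peers):
    """0.0 inside the range seen on peer stations, up to 1.0 outside it."""
    if not peers:
        return 0.0
    nums = [float(p) for p in peers if kind(p) != "text"]
    if kind(value) != "text" and nums:
        x, lo, hi = float(value), min(nums), max(nums)
        gap = max(lo - x, x - hi, 0.0)  # distance outside the peer range
        return min(1.0, gap / (max(abs(lo), abs(hi)) or 1.0))
    return 1.0 - sum(p == value for p in peers) / len(peers)  # share of peers that differ

def policy_score(param, value, rules):
    """1.0 when a user-specified rule for this parameter rejects the value."""
    rule = rules.get(param)
    return 1.0 if rule and not rule(value) else 0.0

def type_change_score(old, new):
    """Numeric <-> non-numeric scores higher than int <-> float (assumed weights)."""
    a, b = kind(old), kind(new)
    if a == b:
        return 0.0
    return 1.0 if "text" in (a, b) else 0.3

def rank(current, previous, rules):
    """Sum the routine scores per (station, parameter), highest first."""
    rows = []
    for station, params in current.items():
        for param, value in params.items():
            peers = [p[param] for s, p in current.items() if s != station and param in p]
            old = previous.get(station, {}).get(param, value)  # no history: no change
            score = (delta_score(value, peers) + policy_score(param, value, rules)
                     + type_change_score(old, value))
            rows.append((station, param, round(score, 2)))
    return sorted(rows, key=lambda r: -r[2])

# Constructed sample: four stations, one earlier snapshot, one user rule.
CURRENT = {"ws1": {"max_conn": "100", "tls": "on"}, "ws2": {"max_conn": "120", "tls": "on"},
           "ws3": {"max_conn": "110", "tls": "on"}, "ws4": {"max_conn": "unlimited", "tls": "off"}}
PREVIOUS = {"ws4": {"max_conn": "110", "tls": "on"}}
RULES = {"tls": lambda v: v == "on"}
```

Calling `rank(CURRENT, PREVIOUS, RULES)` puts both `ws4` parameters at the top: `max_conn` for differing from every peer and changing from a number to text, `tls` for differing from every peer and violating the rule.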
Specification