System and Method For Correlating Fingerprints For Automated Intelligence
First Claim
1. A method comprising:
- capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure;
capturing a second fingerprint of at least a portion of the IT infrastructure associated with a event relating to the IT infrastructure;
determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and method for correlating fingerprints in an Information Technology (IT) infrastructure for automated intelligence, where a fingerprint provides an indication of the activity and operation of the IT infrastructure immediately preceding an event. It is determined whether a correlation exists between multiple fingerprints to determine whether such fingerprints separately indicate the occurrence of the event for the same reason. If a degree of match is found to exist between the rule sets of multiple fingerprints that exceeds a certain threshold, the fingerprints are determined to indicate the occurrence of the event for the same reason and the rule sets for those fingerprints can be merged together with the probabilities that such rules will indicate the occurrence of the event adjusted accordingly. In one or more embodiments, the fingerprint matching correlation procedures are implemented to account for time or phase shifts between the rule sets in two fingerprints.
67 Citations
21 Claims
-
1. A method comprising:
-
capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure; capturing a second fingerprint of at least a portion of the IT infrastructure associated with a event relating to the IT infrastructure; determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A machine-readable medium having program instructions stored thereon executable by a processing unit of a special-purpose network monitoring server for performing the steps of:
-
capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure; capturing a second fingerprint of at least a portion of the IT infrastructure associated with a event relating to the IT infrastructure; and determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system comprising:
-
a fingerprint capturing module for capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure, the fingerprint capturing module further capturing a second fingerprint of at least a portion of the IT infrastructure associated with a event relating to the IT infrastructure; and a fingerprint correlation module for determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification