REMEDIATING EVENTS USING BEHAVIORS
Abstract
Remediating events of components using behaviors via an administrator system and an administrator client. The administrator system receives an event from a component of an information technology (IT) environment. A behavior is determined at least partly from the event. The behavior is determined to be an anomalous behavior at least partly from a group of previously received events. A coefficient is calculated, via a calculation, for the anomalous behavior at least partly from a weight. The administrator system sends a description of the anomalous behavior and a group of options to the administrator client. The description is at least partly based on the calculation. The administrator system receives a severity indication from the administrator client. The weight, the calculation, and the description are updated based on the severity indication.
25 Claims
1. A method for remediating events using behaviors via an administrator system, the method comprising:
receiving an event from a component of an information technology (IT) environment;
determining a behavior at least partly from the event;
determining that the behavior is an anomalous behavior at least partly from a group of previously received events;
calculating a coefficient via a calculation for the anomalous behavior at least partly from a weight;
sending a description of the anomalous behavior and a group of options to an administrator client, the description is at least partly based on the calculation;
receiving a severity indication from the administrator client; and
updating the weight, the calculation, and the description based on the severity indication.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for remediating events using behaviors via an administrator client, the method comprising:
receiving a first description of an anomalous behavior and a group of options from an administrator system, the description is at least partly based on a calculation, wherein;
an event is received from a component of an information technology (IT) environment;
a behavior is determined at least partly from the event;
the behavior is determined to be an anomalous behavior at least partly from a group of previously received events;
a coefficient is calculated via the calculation for the anomalous behavior at least partly from a weight; and
sending a severity indication to the administrator system, wherein the weight, the calculation, and the description are updated based on the severity indication.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A method for remediating events using behaviors via component of an information technology environment, the method comprising:
sending an event to an administrator system of the information technology (IT) environment, wherein;
a behavior is determined at least partly from the event;
the behavior is determined to be an anomalous behavior at least partly from a group of previously received events;
a coefficient is calculated via a calculation for the anomalous behavior at least partly from a weight;
a description of the anomalous behavior and a group of options is sent to an administrator client, the description is at least partly based on the calculation;
a severity indication is received from the administrator client;
the weight, the calculation, and the description are updated based on the severity indication; and
receiving a command associated with a script to remediate the event.
Dependent claims: 20, 21, 22, 23, 24, 25
Specification