System and method for correlating fingerprints for automated intelligence
First Claim
1. A method comprising:
- capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure;
capturing a second fingerprint of at least a portion of the IT infrastructure associated with an event relating to the IT infrastructure; and
determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure, wherein each of the first and second fingerprints includes a set of rules for a set of time cuts, respectively, wherein each rule in the set of rules includes a probability that a symptom of the event occurs for a specific time cut, wherein the symptom includes a metric and a reason that the event is generated, wherein determining whether a correlation exists comprises determining the degree of match between rules of the first fingerprint against rules of the second fingerprint across the various time cuts.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and method for correlating fingerprints in an Information Technology (IT) infrastructure for automated intelligence, where a fingerprint provides an indication of the activity and operation of the IT infrastructure immediately preceding an event. It is determined whether a correlation exists between multiple fingerprints to determine whether such fingerprints separately indicate the occurrence of the event for the same reason. If a degree of match is found to exist between the rule sets of multiple fingerprints that exceeds a certain threshold, the fingerprints are determined to indicate the occurrence of the event for the same reason and the rule sets for those fingerprints can be merged together with the probabilities that such rules will indicate the occurrence of the event adjusted accordingly. In one or more embodiments, the fingerprint matching correlation procedures are implemented to account for time or phase shifts between the rule sets in two fingerprints.
-
Citations
14 Claims
-
1. A method comprising:
-
capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure; capturing a second fingerprint of at least a portion of the IT infrastructure associated with an event relating to the IT infrastructure; and determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure, wherein each of the first and second fingerprints includes a set of rules for a set of time cuts, respectively, wherein each rule in the set of rules includes a probability that a symptom of the event occurs for a specific time cut, wherein the symptom includes a metric and a reason that the event is generated, wherein determining whether a correlation exists comprises determining the degree of match between rules of the first fingerprint against rules of the second fingerprint across the various time cuts. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A non-transitory machine-readable medium having program instructions stored thereon executable by a processing unit of a special-purpose network monitoring server for performing the steps of:
-
capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure; capturing a second fingerprint of at least a portion of the IT infrastructure associated with an event relating to the IT infrastructure; and determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure, wherein each of the first and second fingerprints includes a set of rules for a set of time cuts, respectively, wherein each rule in the set of rules includes a probability that a symptom of the event occurs for a specific time cut, wherein the symptom includes a metric and a reason that the event is generated, wherein determining whether a correlation exists comprises determining the degree of match between rules of the first fingerprint against rules of the second fingerprint across the various time cuts. - View Dependent Claims (8, 9, 10)
-
-
11. A system comprising:
-
a fingerprint capturing module for capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure, the fingerprint capturing module further capturing a second fingerprint of at least a portion of the IT infrastructure associated with an event relating to the IT infrastructure; and a fingerprint correlation module for determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure, wherein each of the first and second fingerprints includes a set of rules for a set of time cuts, respectively, wherein each rule in the set of rules includes a probability that a symptom of the event occurs for a specific time cut, wherein the symptom includes a metric and a reason that the event is generated, wherein the fingerprint correlation module is further configured to determine the degree of match between rules of the first fingerprint against rules of the second fingerprint across the various time cuts. - View Dependent Claims (12, 13, 14)
-
Specification