Remediating events using behaviors

US 8,977,900 B2
Filed: 12/28/2012
Issued: 03/10/2015
Est. Priority Date: 09/14/2012
Status: Active Grant

First Claim

Patent Images

1. A computer program product stored on a computer readable storage device having computer readable program code embodied thereon that is executable by a data processing system for remediating events using behaviors via an administrator system, the computer program product comprising:

computer readable program code for receiving an event from a component of an information technology (IT) environment;

computer readable program code for determining a behavior at least partly from the event;

computer readable program code for determining that the behavior is an anomalous behavior at least partly from a group of previously received events;

computer readable program code for calculating a coefficient via a calculation for the anomalous behavior at least partly from a weight;

computer readable program code for sending a description of the anomalous behavior and a group of options to an administrator client, the description is at least partly based on the calculation;

computer readable program code for receiving a severity indication from the administrator client; and

computer readable program code for updating the weight, the calculation, and the description based on the severity indication.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Remediating events of components using behaviors via an administrator system and an administrator client. The administrator system receives an event from a component of an information technology (IT) environment. A behavior is determined at least partly from the event. The behavior is determined to be an anomalous behavior at least partly from a group of previously received events. A coefficient is calculated, via a calculation, for the anomalous behavior at least partly from a weight. The administrator system sends a description of the anomalous behavior and a group of options to the administrator client. The description is at least partly based on the calculation. The administrator system receives a severity indication from the administrator client. The weight, the calculation, and the description are updated based on the severity indication.

26 Citations

View as Search Results

25 Claims

1. A computer program product stored on a computer readable storage device having computer readable program code embodied thereon that is executable by a data processing system for remediating events using behaviors via an administrator system, the computer program product comprising:
- computer readable program code for receiving an event from a component of an information technology (IT) environment;
  
  computer readable program code for determining a behavior at least partly from the event;
  
  computer readable program code for determining that the behavior is an anomalous behavior at least partly from a group of previously received events;
  
  computer readable program code for calculating a coefficient via a calculation for the anomalous behavior at least partly from a weight;
  
  computer readable program code for sending a description of the anomalous behavior and a group of options to an administrator client, the description is at least partly based on the calculation;
  
  computer readable program code for receiving a severity indication from the administrator client; and
  
  computer readable program code for updating the weight, the calculation, and the description based on the severity indication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer program product of claim 1, further comprising:
    - computer readable program code for resending the description based on the updating to the administrator client.
  - 3. The computer program product of claim 1, further comprising:
    - computer readable program code for sending a command to at least one of the component and a second component.
  - 4. The computer program product of claim 3, wherein:
    - the command is associated with a script to remediate the event.
  - 5. The computer program product of claim 4, further comprising:
    - computer readable program code for receiving a further option to add to the group of options;
      
      wherein;
      
      the sending of the command is after one of a manual remediation option and an automatic remediation option is indicated as selected from the group of options;
      
      the script is associated with a remediation;
      
      the remediation is associated with a previously received event of the group of previously received events;
      
      the previously received event is related to the event; and
      
      the second component is related to the event.
  - 6. The computer program product of claim 3, wherein:
    - the sending of the command is before a ticket is received from a same or a different component that is related to the event; and
      
      the ticket is associated with the event.
  - 7. The computer program product of claim 1, wherein:
    - the calculating is at least partly from a ticket correlation; and
      
      the ticket correlation is a value related to a correlation between similar events of the group of previously received events that are similar to the event related to the anomalous behavior and a ticket associated with the similar events.
  - 8. The computer program product of claim 1, wherein:
    - the calculating is at least partly from a mean time to remediation; and
      
      the mean time to remediation is a value related to mean time to remediate a ticket associated with similar events of the group of previously received events that are similar to the event related to the anomalous behavior.
  - 9. The computer program product of claim 1, wherein:
    - the description is displayed at the administrator client as a table; and
      
      the coefficient is associated with a row of the table.
  - 10. The computer program product of claim 9, wherein:
    - a priority of the row is based on a value of the coefficient.

11. A computer program product stored on a computer readable storage device having computer readable program code embodied thereon that is executable by a data processing system for remediating events using behaviors via an administrator client, the computer program product comprising:
- computer readable program code for receiving a first description of an anomalous behavior and a group of options from an administrator system, the description is at least partly based on a calculation, wherein;
  
  an event is received from a component of an information technology (IT) environment;
  
  a behavior is determined at least partly from the event;
  
  the behavior is determined to be an anomalous behavior at least partly from a group of previously received events;
  
  a coefficient is calculated via the calculation for the anomalous behavior at least partly from a weight; and
  
  computer readable program code for sending a severity indication to the administrator system, wherein;
  
  the weight, the calculation, and the description are updated based on the severity indication.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The computer program product of claim 11, further comprising:
    - computer readable program code for receiving a second description based on the weight, the calculation, and the description that are updated from the administrator system.
  - 13. The computer program product of claim 11, wherein:
    - a command is sent to at least one of the component and a second component.
  - 14. The computer program product of claim 13, wherein:
    - the command is associated with a script to remediate the event.
  - 15. The computer program product of claim 14, further comprising:
    - computer readable program code for sending a further option to add to the group of options;
      
      wherein;
      
      the command is sent after one of a manual remediation option and an automatic remediation option is indicated as selected from the group of options;
      
      the script is associated with a remediation;
      
      the remediation is associated with a previously received event of the group of previously received events;
      
      the previously received event is related to the event; and
      
      the second component is related to the event.
  - 16. The computer program product of claim 13, wherein:
    - the command is sent before a ticket is received from a same or a different component that is related to the event; and
      
      the ticket is associated with the event.
  - 17. The computer program product of claim 11, wherein:
    - the calculation is at least partly based on a ticket correlation; and
      
      the ticket correlation is a value related to a correlation between similar events of the group of previously received events that are similar to the event related to the anomalous behavior and a ticket associated with the similar events.
  - 18. The computer program product of claim 11, further comprising:
    - computer readable program code for displaying the description as a table;
      
      wherein;
      
      the coefficient is associated with a row of the table;
      
      the calculation is at least partly based on a mean time to remediation;
      
      the mean time to remediation is a value related to mean time to remediate a ticket associated with similar events of the group of previously received events that are similar to the event related to the anomalous behavior; and
      
      a priority of the row is based on a value of the coefficient.

19. A computer program product stored on a computer readable storage device having computer readable program code embodied thereon that is executable by a data processing system for remediating events using behaviors via component of an information technology environment, the computer program product comprising:
- computer readable program code for sending an event to an administrator system of the information technology (IT) environment, wherein;
  
  a behavior is determined at least partly from the event;
  
  the behavior is determined to be an anomalous behavior at least partly from a group of previously received events;
  
  a coefficient is calculated via a calculation for the anomalous behavior at least partly from a weight;
  
  a description of the anomalous behavior and a group of options is sent to an administrator client, the description is at least partly based on the calculation;
  
  a severity indication is received from the administrator client;
  
  the weight, the calculation, and the description are updated based on the severity indication; and
  
  computer readable program code for receiving a command associated with a script to remediate the event.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The computer program product of claim 19, wherein:
    - the description is resent based on the weight, the calculation, and the description that are updated.
  - 21. The computer program product of claim 19, wherein:
    - the command is received at a second component.
  - 22. The computer program product of claim 21, wherein:
    - the second component is associated with the event.
  - 23. The computer program product of claim 22, wherein:
    - a further option is received to add to the group of options;
      
      the receiving of the command is after one of a manual remediation option and an automatic remediation option is indicated as selected from the group of options;
      
      the script is associated with a remediation;
      
      the remediation is associated with a previously received event of the group of previously received events; and
      
      the previously received event is related to the event.
  - 24. The computer program product of claim 21, wherein:
    - the receiving of the command is before a ticket is received via one of the component and the second component; and
      
      the ticket is associated with the event.
  - 25. The computer program product of claim 19, wherein:
    - the calculation is at least partly based on a ticket correlation;
      
      the ticket correlation is a value related to a correlation between similar events of the group of previously received events that are similar to the event related to the anomalous behavior and a ticket associated with the similar events;
      
      the calculation is at least partly based on a mean time to remediation;
      
      the mean time to remediation is a value related to mean time to remediate a ticket associated with similar events of the group of previously received events that are similar to the event related to the anomalous behavior;
      
      the description is displayed at the administrator client as a table;
      
      the coefficient is associated with a row of the table; and
      
      a priority of the row is based on a value of the coefficient.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kochut, Andrzej, Mastrianni, Steven J., Sailer, Anca, Schulz, Charles O.
Primary Examiner(s)
Lottich, Joshua P

Application Number

US13/729,958
Publication Number

US 20140082171A1
Time in Patent Office

802 Days
Field of Search

714/25, 714/26
US Class Current

714/26
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0766   Error or fault reporting or...

G06F 11/0793   Remedial or corrective acti...

H04L 41/00   Arrangements for maintenanc...

Remediating events using behaviors

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Remediating events using behaviors

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others