| 发明名称 | Remediating events using behaviors | ||
| 摘要 | Remediating events of components using behaviors via an administrator system and an administrator client. The administrator system receives an event from a component of an information technology (IT) environment. A behavior is determined at least partly from the event. The behavior is determined to be an anomalous behavior at least partly from a group of previously received events. A coefficient is calculated, via a calculation, for the anomalous behavior at least partly from a weight. The administrator system sends a description of the anomalous behavior and a group of options to the administrator client. The description is at least partly based on the calculation. The administrator system receives a severity indication from the administrator client. The weight, the calculation, and the description are updated based on the severity indication. | ||
| 申请公布号 | US8977900(B2) | 申请公布日期 | 2015.03.10 |
| 申请号 | US201213729958 | 申请日期 | 2012.12.28 |
| 申请人 | International Business Machines Corporation | 发明人 | Kochut Andrzej;Mastrianni Steven J.;Sailer Anca;Schulz Charles O. |
| 分类号 | G06F11/00;H04L12/24;G06F11/07 | 主分类号 | G06F11/00 |
| 代理机构 | Yee & Associates, P.C. | 代理人 | Yee & Associates, P.C. ;Percello Louis J. |
| 主权项 | 1. A computer program product stored on a computer readable storage device having computer readable program code embodied thereon that is executable by a data processing system for remediating events using behaviors via an administrator system, the computer program product comprising: computer readable program code for receiving an event from a component of an information technology (IT) environment; computer readable program code for determining a behavior at least partly from the event; computer readable program code for determining that the behavior is an anomalous behavior at least partly from a group of previously received events; computer readable program code for calculating a coefficient via a calculation for the anomalous behavior at least partly from a weight; computer readable program code for sending a description of the anomalous behavior and a group of options to an administrator client, the description is at least partly based on the calculation; computer readable program code for receiving a severity indication from the administrator client; and computer readable program code for updating the weight, the calculation, and the description based on the severity indication. | ||
| 地址 | Armonk NY US | ||