Query learning for automated incident investigation and remediation
Matteo Dell'Amico
2018-06-29
Abstract
A method for learning queries in automated incident remediation is performed by one or more computing devices, each comprising one or more processors. The method includes parsing at least a portion of incidents from an incident log based at least in part on one or more incident types associated with each incident from the portion of the incidents, identifying parameters associated with a plurality of queries, grouping the plurality of queries into a plurality of query groups based at least in part on the identified parameters, identifying a new incident added to the incident log, and generating an automated query based at least in part on a similarity between the new incident and a prior incident.