A method of recovering a plurality of network elements from a network outage, including receiving, at a network management system (NMS), a plurality of recovery requests from the plurality of network elements; determining, by the NMS, a sequence for processing the plurality of recovery requests based on a plurality of priority values associated with the plurality of network elements, wherein a priority value of the plurality of priority values is based on at least one key performance indicator (KPI) associated with a corresponding network element of the plurality of network elements; and recovering the plurality of network elements based on the determined sequence.

Examples herein describe systems and methods for alarm prioritization in a Telco network. A prioritization engine can receive root cause problems and impacted network components from a network analysis module. The prioritization engine can define a mapping matrix that weights the problems according to network component type and service level. Using the problem weights, the prioritization engine can construct a problem-impact matrix that includes impact weights. The impact weights can be summed for each problem, as can the problem weights. The problems with the highest summed weights can then be prioritized first. The summed weights can also be based on predicted failure costs, such that the most expensive problems are prioritized first. The prioritization engine can send prioritized alerts for the problems for display on a graphical user interface (“GUI”).

A system for troubleshooting network problems is disclosed. A model can use demographic information, network usage information, and network membership information to determine an importance of a problem. The importance of the problem for the user who reported the problem, a number of other users affected by the problem, and the importance of the problem to the other users can be used to determine a priority for resolving the problem. Before and after a work order is executed to resolve the problem, network metrics can be gathered, including aggregate network metrics, and automatically presented in various user interfaces. The analysis of the metrics can be used to update a database of which work orders are assigned in response to which problems.

A method for assigning a severity to failure indications of network resources in a multilayered communication network includes in a processor, receiving one or a plurality of failure indications related to a failure of one or more network resources from a plurality of network resources in a communication network. A severity may be assigned to the one or said plurality of failure indications based on an impact on data, wherein assigning the severity includes at least one of: assigning a static severity based on a single traffic impact assessment in the communication network due to the one or more failed network resources, and assigning a dynamic severity based on continuous or periodic traffic impact assessments in the communication network due to the one or more failed network resources. The severity of the one or said plurality of failure indications may be outputted on an output device.

A system, method, and computer program product are provided for mitigating falsified log data provided to an AI-learning system. In use, from an artificial intelligence (AI) analysis system, suspicious data of a predicted situation is received. Additionally, event log data associated with the predicted situation is received. Simulated log data is created based on the event log data. The simulated log data is sent to the AI analysis system. Imitation data of the predicted situation is received from the AI analysis system. The imitation data of the predicted situation is compared with the suspicious data of a predicted situation to verify the event log data. When the imitation data matches the suspicious data, at least one the suspicious data or an originator of the suspicious data are authenticated.

As described herein, a system, method, and computer program are provided for dynamic prioritization of monitoring system related alerts. A plurality of alerts generated for a monitoring system are accessed. A first set of alert features predefined as high-level features are identified, wherein each of the high-level features is mapped to one or more alert features in a second set of alert features predefined as low-level features. The plurality of alerts are processed to determine a plurality of the most central high-level features. The plurality of alerts are grouped according to the plurality of the most central high-level features. Each group of alerts is processed to determine a plurality of the most central low-level features for the alerts in the group of alerts. A prioritized set of alerts are selected from the plurality of alerts based on the plurality of the most central low-level features.

Examples described herein relate to a management system that determines which services to redeploy on one or more platforms. A platform can receive a configuration to perform during a failure of connectivity with a management system. The platform can monitor activity of one or more services. The platform can, based on failure of connectivity with the management system and recovery of connectivity with the management system, provide the monitored activity of one or more services to the management system to influence services re-deployed by the management system. In some examples, based on failure to re-establish a connection with the management system within an amount of time, the platform can connect with the management system using a secondary management interface.

An anomaly detection apparatus (10) includes a storage unit (14) that stores dictionary information (14b) in which a partial character string of a message representing a type of a message included in a text log output from a system and an ID set for the type of the message are associated with each other. The anomaly detection apparatus (10), when the message included in the text log output from the system is acquired, refers to the dictionary information (14b) stored in the storage unit (14), classifies the message included in the text log by the type, and assigns the ID to the message that has been classified; and detects an anomaly based on the ID assigned to the message.

Embodiments are directed to monitoring network traffic. A monitoring engine may monitor network traffic associated with a plurality of entities in networks to provide metrics. And provide a device relation model based on the plurality of entities, the network traffic, and the metrics. An inference engine may associate each entity in the plurality of entities with an importance score based on the device relation model and the metrics such that each importance score is associated with a significance of an entity to operations of the networks. An alert engine may generate a plurality of alerts associated with the plurality of entities based on the metrics. And provide one or more alerts from the plurality of alerts to one or more users based on one or more ranked importance scores associated with one or more entities.

Embodiments of the present disclosure relate to a method for processing alerts. According to an embodiment of the present disclosure, a set of alerts matching a metric template are identified from received alerts during a period of time. A plurality of variable values are acquired from the set of alerts based on the metric template. The plurality of variable values are normalized according to a normalization rule of the metric template. A severity level for the set of alerts is determined based on the normalized variable values. In response to the severity level exceeding a certain threshold, an abstract alert including information related to the set of alerts is generated.