H04L41/0609

SYSTEMS AND METHODS FOR AUTOMATING INCIDENT SEVERITY CLASSIFICATION

Systems, apparatuses, methods, and computer program products are disclosed for automating incident severity classification. An example method includes: receiving a historical incident dataset; receiving a new incident dataset including information regarding a set of new incidents; generating a set of predicted severity classifications for the set of new incidents using a machine learning model, the historical incident dataset, and the new incident dataset; determining that a severity classification mismatch between at least one assigned severity classification and a predicted severity classification of the set of predicted severity classifications exists for the new incident dataset; and in response to determining that the severity classification mismatch exists, prompting further investigation of the severity classification mismatch through outputting an indication of the severity classification mismatch.

Method for managing a plurality of events

The invention provides a method for managing a plurality of events, wherein each event comprises physical attributes and logical attributes, by: creating tuples with the events that have the same logical attributes; providing a set of hierarchized relations between tuples by means of a pipeline algorithm, wherein parent-child relations are provided between tuples; classifying the tuples in families, each family containing all the tuples related according to the parent-child relation provided by the pipeline algorithm; identifying the parent tuple of each family, defined as the tuple which has at least one child and has no parent; and presenting the parent tuples, together with the physical attributes of the events associated with each parent tuple.

SYSTEM AND METHOD FOR NETWORK INCIDENT REMEDIATION RECOMMENDATIONS
20220417081 · 2022-12-29

A method for analyzing network incidents within a network and providing prioritized remediation recommendations is disclosed. The method includes: receiving network data and computing a plurality of network incidents from the network data; collecting network incidents related to a particular network issue over a time period and grouping the network incidents according to root-cause symptoms; generating a network incident graph by superimposing groups of network incidents over a network graph; analyzing the network incident graph to identify localized areas with systemic issues; and, based on the analysis of the network incident graph, generating and displaying a list of remediation recommendations. Each remediation recommendation includes a systemic issue in the network, a remediation to resolve the issue, and a quantified expected benefit from implementing the remediation.

Network adaptive alert prioritization system

A method, including receiving, from multiple sources, respective sets of incidents, and respective suspiciousness labels for the incidents. A set of rules is applied so as to assign training labels to respective incidents in a subset of the incidents in the received sets. For each given incident in the subset, the respective training label is compared to the respective suspiciousness label so as to compute a respective quality score for each given source. Any sources having respective label quality scores meeting a predefined criterion are identified, and a model for computing predicted labels is fit to the incidents received from the identified sources and the respective suspiciousness labels of the incidents. The model is applied to an additional incident received from one of the sources to compute a predicted label for the additional incident, and a notification of the additional incident is prioritized in response to the predicted label.

Framework for investigating events

Systems, methods, and related technologies for determining an issue based on a plurality of events. The determining of an issue may include accessing network traffic from a network and accessing a plurality of events associated with the network traffic. An issue can be determined based on a correlation of a portion of the plurality of events, where the issue represents an incident associated with the portion of the plurality of events. The correlation of the portion of the plurality of events is based on network specific information. Information associated with the issue including the portion of the plurality of events may then be stored.

Configuration management and analytics in cellular networks

Apparatuses and methods for identifying network anomalies. A method includes determining a cumulative anomaly score over a predefined time range based on a subset of historical PM samples and determining an anomaly ratio of a first time window and a second time window, based on the cumulative anomaly score. The method also includes determining one or more anomaly events coinciding with CM parameter changes based on the anomaly ratio; collating the PM, alarm, and CM data into a combined data set based on matching fields and timestamps; generating a set of rules linking one or more CM parameter changes and the collated data to anomaly events; and generating root cause explanations for CM parameter changes that are linked to anomaly events.

Systems and methods for a framework for algorithmically identifying critical software systems and applications within an organization

Methods and systems for generating real-time notifications of software application importance based on current processing requirements. The method includes receiving a first dataset, wherein the first dataset comprises recovery time estimates for processing requirements. The method includes receiving a second dataset, wherein the second dataset comprises second recovery time estimates for applications. The method includes receiving a third dataset, wherein the third dataset comprises dependencies between processing requirements and applications. The method determines many-to-many relationships between the processing requirements and applications based on the dependencies. The method inputs the many-to-many relationships into a machine learning model to identify importance metrics for each application. The method generates, for display on a user interface, a ranking of the applications in order of importance metric.

Techniques and interfaces for troubleshooting datacenter networks

A monitoring device for troubleshooting events in a datacenter network identifies a first network event for a time period, and provides an initial display page, one or more additional display pages, selectable display objects, and a representation of the first network event. The device generates a dynamic troubleshooting path for the first network event to track a user navigation between display pages, a manipulation of the one or more selectable display objects, and a last-current display page, and also provides an indication of a second network event associated with higher resolution priority relative to the first network event. Retrieving the dynamic troubleshooting path causes the interface to present the last-current display page, apply the manipulation of the one or more selectable display objects, and load the user navigation between the initial dashboard display page and the one or more additional display pages in a cache.

GLOBAL ALERT MANAGEMENT
20230344698 · 2023-10-26

Disclosed is a system that includes a plurality of regional cloud exchange platforms coupled to a distributed alert triaging engine. A system can include a first regional cloud exchange platform and a second regional cloud exchange platform, each of which includes a regional cloud services monitoring engine and a regional cloud exchange monitoring engine, and an alert triaging engine that provides a triaged alert, or portion thereof, to an appropriate audience.

System and method for implementing re-run dropped detection tool

An embodiment of the present invention is directed to a Re-Run Dropped Detection Tool that provides various features and tools to prepare, execute and monitor the status of a Re-Run process. An embodiment of the present invention is directed to automated dispatch/monitoring of alert jobs as well as monitoring of a Re-Run as a Service (RRAAS) solution.