Patent classifications
H04L41/064
Enhanced alert generation system based on real-time manipulation of datasets
Systems and methods are provided for enhanced alert generation based on real-time manipulation of datasets. An example method includes accessing datasets including a plurality of rows each indicating a plurality of values. Occurrences of alert definitions are monitored via applying the alert definitions to the datasets, the alert definitions specifying expressions utilizing one or more of the values, with an occurrence of an alert definition indicating satisfaction of the specified expression and causing an associated alert to be generated for evaluation. Presentation of an interactive user interface associated with customizing alert definitions is caused. The interactive user interface presents a first visual portion, the first visual portion enabling specification of an expression for a customized alert definition. The interactive user interface presents a second visual portion, the second visual portion comparing occurrences of an existing alert definition with occurrences of a customized alert definition specified in the first visual portion.
Automated processes and systems for troubleshooting a network of an application
Automated computer-implemented processes and systems are directed to troubleshooting a network used by an application in a data center. The processes and system execute a framework for automated network troubleshooting of an application. The framework performs automated fault localization by traversing a dependency graph that models the network from the observed performance problem, guided by the causality relationships, and for each edge of the graph, performs a test to determine problem causality, terminates at a set of well-defined criteria, and outputs at least one potential root cause for the application performance problem.
ABNORMAL ACCESS PREDICTION SYSTEM, ABNORMAL ACCESS PREDICTION METHOD, AND PROGRAM RECORDING MEDIUM
An abnormal access prediction system is configured to comprise an acquisition unit and a prediction unit. The acquisition unit acquires time-series access data and time-series resource usage data in a first period. The time-series access data is data relating to access to a server on a network from a first plurality of terminal devices individually operated by a first plurality of users. The time-series resource usage data is data relating to a time-series change in resource usage of each of the first plurality of terminal devices. The prediction unit predicts a terminal device that performs abnormal access by using: a prediction model generated on the basis of time-series access data and time-series resource usage data in a second period earlier than the first period; time-series access data in the first period; and time-series resource usage data.
METHOD AND APPARATUS FOR MANAGING PREDICTION OF NETWORK ANOMALIES
A method of managing prediction of anomalies in operation of a communications network. The method includes receiving network performance data, including network performance data received as time series of values representing monitored characteristics. The method also includes detecting a first anomaly in operation of the communications network and, from historical network performance data, determining if an instance of the first anomaly occurred in the past. If this is a first occurrence of the first anomaly, then based on network performance data received before detecting the first anomaly the method includes building a first model for predicting an instance of the first anomaly and deploying the first model to operate. An apparatus implementing the method is also disclosed.
System and method for anomaly detection in a computer network
An anomaly detection system uses an AI engine to analyze configurations and backups to identify and assess anomalies. Backup data and configurations are used to characterize events as either secure or insecure.
TECHNIQUES FOR PREDICTION MODELS USING TIME SERIES DATA
Various aspects involve a lagged prediction model trained for risk assessment or other purposes. For instance, a risk assessment computing system receives a risk assessment query for a target entity and provides an input predictor record for the target entity to a lagged prediction model. The input predictor record includes a first group of lagged values from a first time-series attribute associated with the target entity. The lagged prediction model is trained by implementing a group feature selection technique configured to select the first time-series attribute as input and to deselect a second time-series attribute associated with the target entity. The risk assessment computing system computes an output risk indicator from the input predictor record and transmits the output risk indicator to a remote computing system. The output risk indicator can be used to control access by the target entity to one or more interactive computing environments.
System and method for proactive management of components based on service availability
Methods and systems for managing a data processing system are disclosed. A data processing system may include one or more hardware and/or software components. The operation of the data processing system may depend on the operation of these components. To manage the operation of the data processing system, future failures of the hardware components may be predicted and used as a basis for predicted services to reduce the threat of the predicted component failures. To manage performance of the predicted services, the predicted services may be scheduled for performance. To schedule performance of the predicted services, limitations on availability of service professionals that may complete the predicted services may be taken into account.
PROGRAMMABLE DIAGNOSIS MODEL FOR CORRELATION OF NETWORK EVENTS
Network management techniques are described. A controller device of this disclosure manages a device group of a network. The controller device includes processing circuitry in communication with the memory, the processing circuitry being configured to receive, using a programmable diagnosis service executed by the processing circuitry, a programming input, to form, using the programmable diagnosis service, based on the programming input, a resource definition graph that models interdependencies between a plurality of resources supported by the device group, to detect, using the programmable diagnosis service, an event affecting a first resource of the plurality of resources, and to identify, using the programmable diagnosis service, based on the interdependencies modeled in the resource definition graph formed based on the programming input, a root cause event that caused the event affecting the first resource, the root cause event occurring at a second resource of the plurality of resources.
SEASONAL COMPONENT ADJUSTMENT IN NETWORK ANOMALY DETECTION
Anomalies are detected in network traffic exhibiting a seasonal variation. A neural network is trained using historical network traffic metrics, and as a result, the trained neural network is configured to output a mean error from a network traffic metric input. A decision tree model is trained on a training dataset comprising historical network traffic metric outputs at associated times. To identify an anomaly, network traffic metrics for a particular time are provided as an input to the trained neural network that, in response, outputs the mean error. The particular time is input into the trained decision tree model to output a mean error adjustment. The mean error is adjusted using the mean error adjustment, and the resulting adjusted mean error is compared to a static mean error threshold value to identify the anomaly.
Network-wide malware mapping
A network management system is configured to detect one or more malicious activities at one or more devices connected to a network. The network management system is configured to determine a malware root of the one or more malicious activities and generate a network-wide malware map indicating a hierarchical relationship between the malicious activities spawned by the malware root and the malware root. The malicious activities spawned by the malware root represented in the network-wide malware map include the one or more malicious activities and include a plurality of malicious activities spawned across a plurality of devices connected to the network.