H04L41/0636

DIRECTED INCREMENTAL CLUSTERING OF CAUSALLY RELATED EVENTS USING MULTI-LAYERED SMALL WORLD NETWORKS
20230102002 · 2023-03-30

Described systems and techniques determine causal associations between events that occur within an information technology landscape. Individual situations that are likely to represent active occurrences requiring a response may be identified as causal event clusters, without requiring manual tuning to determine cluster boundaries. Consequently, it is possible to identify root causes, analyze effects, predict future events, and prevent undesired outcomes, even in complicated, dispersed, interconnected systems.

Automatic correlation of dynamic system events within computing devices

Systems and methods are described herein for logging system events within an electronic machine using an event log structured as a collection of tree-like cause and effect graphs. An event to be logged may be received. A new event node may be created within the event log for the received event. One or more existing event nodes within the event log may be identified as having possibly caused the received event. One or more causal links may be created within the event log between the new event node and the one or more identified existing event nodes. The new event node may be stored as an unattached root node in response to not identifying an existing event node that may have caused the received event.

Machine Learning Systems and Methods for API Discovery and Protection by URL Clustering With Schema Awareness
20230034914 · 2023-02-02

Various embodiments provide systems and methods for discovering APIs for use in relation to network application security.

Determining a root-cause of a network access failure and conducting remediation

Systems and methods are provided herein for analyzing root-causes of network access failures in a wireless network. In response to detecting that a client device experiences a network access failure that prevents communication with a server device, a method, according to one implementation, includes a step of analyzing the network access failure to predict one or more root-causes. Also, the method includes beginning a remediation procedure for remediating the one or more root-causes.

CAUSAL EVENT PREDICTION FOR EVENTS
20230122406 · 2023-04-20

Described systems and techniques determine causal associations between events that occur within an information technology landscape. Individual situations that are likely to represent active occurrences requiring a response may be identified as causal event clusters, without requiring manual tuning to determine cluster boundaries. Consequently, it is possible to identify root causes, analyze effects, predict future events, and prevent undesired outcomes, even in complicated, dispersed, interconnected systems.

Service issue prioritisation based on impact using software telemetry

A system is provided herein that can correlate service issues with system telemetry associated with the software session associated with those service issues. Using a statistical approach, the system can evaluate data across numerous software sessions to rank the importance of the reported service issues. To accomplish the ranking, the system can parse the reports of service issues on a periodic basis, can extract telemetry identifiers (IDs) from the logs, can query the telemetry, may compute the relative importance of detected issues (in the context of calls going on for that day), and then can report this impact back to the service issue database.

Cloud Network Failure Auto-Correlator

Analysis of a root cause of errors within a cloud network is manually complex and computationally intensive. Methods and systems are provided to determine a subset of elements of the cloud network to analyze, and to identify a subset of analyzers for analyzing the subset of elements to determine the root cause for the error. Thus, when configuring a network, a user may be provided with an identification of the root cause of error, enabling the user to quickly identify and correct the error.

System and method for anomaly detection with root cause identification

A computer device may include a processor configured to obtain key performance indicator (KPI) values for KPI parameters associated with at least one device and compute a set of historical statistical values for the obtained KPI values associated with the network device. The processor may be further configured to provide the KPI values and the computed set of historical statistical values to an anomaly detection model to identify potential anomalies; filter the identified potential anomalies based on a designated desirable behavior for a particular KPI parameter to identify at least one anomaly; and send an alert that includes information identifying the at least one anomaly to a management system or a repair system associated with the device. The computer device may further determine a root cause KPI parameter for the identified at least one anomaly and include information identifying the determined root cause KPI parameter in the alert.

PROGRAMMABLE DIAGNOSIS MODEL FOR CORRELATION OF NETWORK EVENTS

Network management techniques are described. A controller device of this disclosure manages a device group of a network. The controller device includes processing circuitry in communication with the memory, the processing circuitry being configured to receive, using a programmable diagnosis service executed by the processing circuitry, a programming input, to form, using the programmable diagnosis service, based on the programming input, a resource definition graph that models interdependencies between a plurality of resources supported by the device group, to detect, using the programmable diagnosis service, an event affecting a first resource of the plurality of resources, and to identify, using the programmable diagnosis service, based on the interdependencies modeled in the resource definition graph formed based on the programming input, a root cause event that caused the event affecting the first resource, the root cause event occurring at a second resource of the plurality of resources.

SEASONAL COMPONENT ADJUSTMENT IN NETWORK ANOMALY DETECTION

Anomalies are detected in network traffic exhibiting a seasonal variation. A neural network is trained using historical network traffic metrics, and as a result, the trained neural network is configured to output a mean error from a network traffic metric input. A decision tree model is trained on a training dataset comprising historical network traffic metric outputs at associated times. To identify an anomaly, network traffic metrics for a particular time are provided as an input to the trained neural network that, in response, outputs the mean error. The particular time is input into the trained decision tree model to output a mean error adjustment. The mean error is adjusted using the mean error adjustment, and the resulting adjusted mean error is compared to a static mean error threshold value to identify the anomaly.