H04L41/0681

SYSTEMS AND METHODS FOR NETWORK MONITORING, REPORTING, AND RISK MITIGATION
20230051016 · 2023-02-16

A network monitoring, reporting and risk mitigation system collects events at a computing device within the local network to provide improved network security. The events are aggregated into alerts, which may be processed according to triggering definitions in order to create ARO (action, recommendations and observations) reports providing required or recommended actions to take or observations to a network administrator. The ARO reports may be processed by a remote server in order to generate contextual feedback for updating the triggering definitions.

Communication Device, Surveillance Server, and Log Collection Method
20230047615 · 2023-02-16

A communication device which transfers a signal is provided, comprising: an arithmetic device configured to execute predetermined processing; a storage device accessible from the arithmetic device; a log collection module configured to collect first type logs from at least one of the communication device or equipment coupled to the communication device; an alert generation module configured to generate an alert when one of the collected first type logs satisfies a predetermined condition; and a failure cause candidate determination module configured to determine failure cause candidates in response to the generated alert, and output, to the log collection module, an additional log collection request for collecting second type logs in an additional log collection order that is set based on the determined failure cause candidates.

AUTOMATED MONITORING OF INFRASTRUCTURE AND APPLICATION ON CLOUD

Disclosed herein are system, method, and computer program product embodiments for determining monitoring compliance for an enterprise application deployed on an application delivery platform. Existing resources, monitors and alerts are discovered with gaps in monitoring being calculated based on a comparison of monitoring objectives and the existing monitors and alerts. Gaps in monitoring are reported in a GUI reflecting effectiveness of existing monitors.

Generation of synthetic alerts and unified dashboard for viewing multiple layers of data center simultaneously

Systems and methods provide for automatically generating a data model that includes a first data feed conforming to industry standards where only alerts for alert triggering violations are provided. The data model further comprises a second data feed that includes both the alerts from the first data feed and a plurality of synthetic alerts for any violations that occur in a data center but do not qualify as alert triggering violations. This second data feed provides a complete picture of the performance of a data center's devices and allows for accurate analytics.

Automatic triage model execution in machine data driven monitoring automation apparatus

Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.

Computer network troubleshooting and diagnostics using metadata

A device is configured to detect a triggering event within a network that is associated with a communication error between a first network device and a second network device. The device is further configured to identify a first node in a computer network map corresponding with the first network device and to identify node properties for the first node. The device is further configured to identify the error correction instructions in the node properties for the first node that include an address for rerouting data traffic to a third network device. The device is further configured to apply the error correction instructions where applying the error correction instructions suspends data traffic to the second network device and reroutes data traffic to the third network device.