Abstract: A content generation method includes receiving a control document comprising one or more control clauses, identifying actionable content for the one or more control clauses, generating a programming language template for the one or more control clauses, identifying a closest existing control clause from a database for each of the one or more control clause, identifying a programming language implementation of the closest existing control clause, identifying similarities and differences between the programming language implementation and the generated programming language template, and annotating the programming language implementation for the closest existing control clause based on the identified similarities and differences.

Abstract: Embodiments relate to monitoring an information technology (IT) environment having a plurality of domains through key performance indicator (KPI) data. In response to detection of a technical health problem, a first KPI related to the problem is identified. A root cause analysis is performed on the identified KPI generating a knowledge graph. A second KPI related to the first KPI is identified through the discovery of a correlation between the two identified KPIs. A diagnosis is generated for the technical health problem within the IT environment based on the discovered hidden correlation between the first KPI and second KPI. The generated diagnosis includes the root cause of the technical health issue.

Abstract: A method for scheduling services in a computing environment includes receiving a service scheduling request corresponding to the computing environment and identifying a resource pool and a set of compliance requirements corresponding to the computing environment. The method continues by identifying target resources within the resource pool, wherein target resources are resources which meet the set of compliance requirements, and subsequently identifying a set of available target resources, wherein available target resources are target resources with scheduling availability. The method further includes analyzing the set of available target resources to determine a risk score for each available target resource and selecting one or more of the set of available target resources according to the determined risk scores. The method continues by scheduling a service corresponding to the service scheduling request on the selected one or more available target resources.

Abstract: According to an embodiment, a computer-implemented method can comprise: inspecting, using a processor, a set of container images respectively associated with pods; identifying, using the processor, a first subset of the pods that contain a vulnerability; classifying, using the processor, the first subset of the pods as primary-infected pods; generating, using the processor, a first list of namespaces in which the primary-infected pods are deployed within a network; checking, using the processor, network policies in connection with the first list of namespaces to determine secondary-suspect pods that have ability to communicate with the primary-infected pods; generating, using the processor, a list of secondary-suspect namespaces in which the secondary-suspect pods are deployed within the network; identifying, using the processor, one or more secondary-suspect pods that communicated with one or more primary-infected pods; and generating, using the processor, a list of secondary-infected pods.

Abstract: One or more systems, devices, computer program products and/or computer-implemented methods provided herein relate to prioritization of attack techniques and cyber security events. According to an embodiment, an attack prioritization engine can receive security events, train an artificial intelligence model to rank respective cyber security events as a function of risk, and output a prioritization of security events to address. A mapping component can map asset vulnerabilities to attack techniques. A calculation component can calculate and aggregate scores for respective attack techniques. An attack surface component can extract features from the aggregation of scores to rank attack techniques and determine an attack surface. The mapping component can further map security events to the attack techniques.

Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.

Abstract: Techniques regarding providing artificial intelligence problem descriptions are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can include, at least: a query component that generates key performance indicators from a query, determines a subset of key performance indicators that individually have a performance below a threshold, and maps the subset of key performance indicators to operational metrics; a learning component that generates, using artificial intelligence, problem descriptions from one or more of the subset of key performance indicators or the operational metrics and transmits the problem descriptions to a database.

Abstract: A method, system, and computer program product for software package update handling are provided. The method installs an initial set of software packages in a virtual environment. A package dependency graph is generated representing independent software packages and dependent software packages of the initial set of software packages. One or more software packages are updated with one or more updated software packages to generate a subsequent set of software packages. A compatibility check is performed on the subsequent set of software packages. The method generates an update prerequisite package based on the compatibility check.

Abstract: Techniques regarding providing artificial intelligence problem descriptions are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can include, at least: a query component that generates key performance indicators from a query, determines a subset of key performance indicators that individually have a performance below a threshold, and maps the subset of key performance indicators to operational metrics; a learning component that generates, using artificial intelligence, problem descriptions from one or more of the subset of key performance indicators or the operational metrics and transmits the problem descriptions to a database.

Abstract: Embodiments relate to a system, a program product, and a method to support a migration operation. Risk factors associated with a migration operation are assessed. The assessment includes assigning respective risk score values to the identified risk factors, assigning respective weight values to the identified risk factors, and calculating a composite risk score based on the assigned risk score values and the assigned weight values. At least one remediation action is recommended to reduce risk to the migration operation. The at least one recommended remediation action is implemented prior to execution of the migration operation. A migration plan incorporating the remediation action for the migration operation is generated. At least one machine learning (ML) model is employed in connection with (a) the subjecting of the identified risk factors to the assessment and/or (b) the recommending of at least one remediation action to reduce risk to the migration operation.

Abstract: One or more systems, devices, computer program products and/or computer-implemented methods of use provided herein relate to compliance mapping, and more particularly to aggregated mapping of one or more sets of context-based compliance data with standard compliance data, such as from a target domain and one or more associate domains. A system can comprise a memory that stores computer executable components, and a processor that executes the computer executable components stored in the memory, wherein the computer executable components can comprise a mapping component that can map a compliance control for a target domain based on a model trained by an active learning process that incorporates a plurality of contexts representing relationships between entities and associate domain specific dependencies.

Abstract: An apparatus, a method, and a computer program product are provided that combine policy compliance with vulnerability management to provide a more accurate risk assessment of an environment. The method includes training a policy machine learning model using a first training dataset to generate a policy machine learning model to produce mitigation technique classifications and training a vulnerability machine learning model using a second training dataset to generate a vulnerability machine learning model to produce weakness type classifications. The method also includes mapping the mitigation technique classifications to attack techniques to produce a policy mapping and mapping the weakness type classifications to the attack techniques to produce a vulnerability mapping. The method further includes producing a risk assessment of a vulnerability based on the policy mapping and the vulnerability mapping.

Abstract: Techniques for dynamic server groups that can be patched together using stream clustering algorithms, and learning components in order to reuse the repeatable patterns using machine learning are provided herein. In one example, in response to a first risk associated with a first server device, a risk assessment component patches a server group to mitigate a vulnerability of the first server device and a second server device, wherein the server group is comprised of the first server device and the second server device. Additionally, a monitoring component monitors data associated with a second risk to the server group to mitigate the second risk to the server group.

Abstract: A content generation method includes receiving a control document comprising one or more control clauses, identifying actionable content for the one or more control clauses, generating a programming language template for the one or more control clauses, identifying a closest existing control clause from a database for each of the one or more control clause, identifying a programming language implementation of the closest existing control clause, identifying similarities and differences between the programming language implementation and the generated programming language template, and annotating the programming language implementation for the closest existing control clause based on the identified similarities and differences.

Abstract: Computer implemented reconstruction of compliance mapping due to an update in a regulation in the compliance mapping by a computing device includes comparing a first version of a regulation in the compliance mapping to a second, updated version of the first regulation. A change in the second version with respect to the first version is identified. The change may be an added control description, a deleted control description, or an updated control description. Upon determining that the change is an updated control description, the updated control description is analyzed to determine a type of update. The mapping of the regulation is reconstructed based on the change and, if the change is an updated control description, the type of update, using at least one of natural language processing and/or machine learning. The risk of the reconstructed mapping is assessed, and a service owner is notified about the risk of the changes.

Abstract: Techniques facilitating maintenance of tribal knowledge for accelerated compliance control deployment are provided. In one example, a system includes a memory that stores computer executable components and a processor that executes computer executable components stored in the memory, wherein the computer executable components include a knowledge base generation component that generates a knowledge graph corresponding to respective commitments created via tribal exchanges, the knowledge graph comprising a semantic level and an operational level; a semantic graph population component that populates the semantic level of the knowledge graph based on identified parties to the respective commitments; and an operational graph population component that populates the operational level of the knowledge graph based on tracked status changes associated with the respective commitments.

Abstract: A method for scheduling services in a computing environment includes receiving a service scheduling request corresponding to the computing environment and identifying a resource pool and a set of compliance requirements corresponding to the computing environment. The method continues by identifying target resources within the resource pool, wherein target resources are resources which meet the set of compliance requirements, and subsequently identifying a set of available target resources, wherein available target resources are target resources with scheduling availability. The method further includes analyzing the set of available target resources to determine a risk score for each available target resource and selecting one or more of the set of available target resources according to the determined risk scores. The method continues by scheduling a service corresponding to the service scheduling request on the selected one or more available target resources.

Abstract: A vulnerability management method includes analyzing a system environment to uncover one or more vulnerabilities. The method includes subsequently identifying one or more system weaknesses corresponding to the one or more uncovered vulnerabilities and analyzing a set of historical data to identify similar past vulnerabilities. The method further includes analyzing available information to extract one or more impacts of the identified similar past vulnerabilities and determining one or more impacts to the present system environment that would correspond to the extracted one or more impacts of the identified similar past vulnerabilities. The method additionally includes recommending one or more actions to remediate the uncovered vulnerabilities.

Abstract: A computer system, program code, and a method are provided to leverage an AI model with respect to a target specification for a target standard. The AI model is configured to identify at least one candidate control associated with a corresponding standard. A map is subject to traversal to identify the candidate control in the map. Source and destination controls of the map are leveraged to identify at least one mapped control associated with the target standard. The AI model is selectively subject to training with the mapped control and the target standard.

Abstract: Embodiments relate to a computer system, computer program product, and computer-implemented method to train a machine learning (ML) model using artificial intelligence to learn an association between (regulatory) compliance requirements and features of micro-service training datasets. The trained ML model is leveraged to determine the compliance requirements of a micro-service requiring classification. In an exemplary embodiment, once the micro-service has been classified with respect to applicable compliance requirements, the classified micro-service may be used as an additional micro-service training dataset to further train the ML model and thereby improve its performance.