Abstract: This Application sets forth techniques for managing the cellular connectivity state of a submerged wireless device. The wireless device can include sensors that analyze environmental conditions to determine when the wireless device is (or is not) submerged underwater as well as at what depth the wireless device is submerged underwater. The sensors can also determine different types of aquatic activity in which a user of the wireless device is currently engaged, such as swimming, snorkeling, free diving, and scuba diving. In turn, the wireless device can utilize this information to manage its cellular connectivity state in order to avoid wasteful consumptions of energy. In particular, the techniques enable the submerged wireless device to eliminate any existing cellular connection as well as connection reattempts so long as they are unlikely to succeed. Moreover, the techniques enable the wireless device to execute connection reattempts when they are appropriate and likely to succeed.

Abstract: A plurality of resolved incident tickets may each include a worklog providing a history of actions taken during attempts to resolve a corresponding resolved incident and a resolution having at least one resolution statement. An iterative processing of the plurality of resolved incident tickets may include processing each resolution statement of the resolution with at least one domain-specific statement classifier specific to the incident domain to either discard or retain a classified resolution statement; processing each retained classified resolution statement in conjunction with the worklog to determine whether to discard or retain the resolved incident; providing an updated resolution for the resolved incident when the resolved incident is retained, and adding the resolved incident with the updated resolution to the processed incident tickets. Then, at least one machine learning model may be trained to process a new incident ticket, using the processed incident tickets.

Abstract: Described systems and techniques enable prediction of a state of an application at a future time, with high levels of accuracy and specificity. Accordingly, operators may be provided with sufficient warning to avert poor user experiences. Unsupervised machine learning techniques may be used to characterize current states of applications and underlying components in a standardized manner. The resulting data effectively provides labelled training data that may then be used by supervised machine learning algorithms to build state prediction models. Resulting state prediction models may then be deployed and used to predict an application state of an application at a specified future time.

Abstract: Described systems and techniques enable prediction of a state of an application at a future time, with high levels of accuracy and specificity. Accordingly, operators may be provided with sufficient warning to avert poor user experiences. Unsupervised machine learning techniques may be used to characterize current states of applications and underlying components in a standardized manner. The resulting data effectively provides labelled training data that may then be used by supervised machine learning algorithms to build state prediction models. Resulting state prediction models may then be deployed and used to predict an application state of an application at a specified future time.

Abstract: A method for securing a service implemented on a computer network includes identifying network assets in the computer network used by the service. The method further includes identifying vulnerabilities in one or more of the network assets, determining an asset risk score for each of the network assets, and determining a service risk score for the service. The method involves implementing one or more vulnerability remediation actions on the computer network to reduce the service risk score and secure the service.

Abstract: A system, method, and computer program product for intelligent-skills-matching includes receiving a plurality of tickets, where each ticket in the plurality of tickets includes a plurality of fields and at least one agent who resolved the ticket is identified. A clustering algorithm is used on one or more of the plurality of fields to determine skills from the plurality of tickets. A taxonomy of the skills is generated using a taxonomy-construction algorithm. Using the taxonomy of the skills, a skills matrix or a skills knowledge graph is created with agents assigned to the skills.

Abstract: A method for securing a networked computer system executing an application includes identifying a vulnerable computer resource in the networked computer system, determining all computer resources in the networked computer system that are accessible from, or are accessed by, the vulnerable computer resource, and prioritizing implementation of a remediation action to secure the vulnerable computer resource if a vulnerability path extends from the vulnerable computer resource to a critical computer resource that contains sensitive information. The remediation action to secure the vulnerable computer resource is a safe remediation action that does not impact availability of the application executing on the networked computer system.

Abstract: A cloud-native proxy gateway is reachable from a central server and from an isolated cloud VM. A method allows legacy (non-cloud native) solutions to establish a secure connection to the isolated cloud VM, even when incoming port flows are not enabled. The method involves transforming a TCP/IP network connection request into a cloud API call, ignoring IP addresses, and instead using a unique cloud resource identifier as the primary network routing methodology. In response to a communication connection request by the central server, the isolated VM establishes a reverse tunnel to the cloud-native proxy gateway. Communication flow initiated by the central server proceeds through the reverse tunnel to the isolated VM, avoiding an issue of duplicate IP addresses in the cloud.

Abstract: Information technology service management (ITSM) incident reports are converted from textual data to multiple vectors using an encoder and parameters are selected, where the parameters include a base cluster number and a threshold value. A base group of clusters is generated using an unsupervised machine learning clustering algorithm with the vectors and the parameters as input. A cluster quality score is computed for each of the base group of clusters. Each cluster from the base group of clusters with the cluster quality score above the threshold value is recursively split into new clusters until the cluster quality score for each cluster in the new clusters is below the threshold value. A final group of clusters is output, where each cluster from the final group of clusters represents ITSM incident reports related to a same problem.

Abstract: A data management system includes a data reconciliation engine that identifies data sources that contain data records referencing a resource and determines whether each of the identified data sources is a creative data source or an additive data source. When all of the identified data sources are additive data sources, the reconciliation engine terminates a data reconciliation process. When all of the identified data sources are not additive data sources, the reconciliation engine finds a first creative data source from among the identified data sources, and initiates the data reconciliation process by merging data from the identified data sources including the first creative data source, one data source-by-one data source, into a reconciled data record.

Abstract: A first datastore discovers a configuration item (CI), without a persistent unique identifier in a distributed datastores environment. When the first datastore has authoritative naming rights, it determines an authoritative identification for the CI. When the first datastore has advisory naming rights, it suggests a name for the CI to a second datastore having authoritative naming rights. The second datastore determines that a pre-existing identification for the CI in the second datastore is the authoritative identification for the CI. If there is no pre-existing identification for the CI in the second data store, the second data store accepts the suggested name as the authoritative identification for the CI. When the first datastore has no naming rights for the CI, it sends the CI to a third data store having authoritative naming rights for the CI to get an authoritative identification for the CI.

Abstract: A content engine may utilize a configuration management database (CMDB) to manage a configuration of a technology landscape. A curation manager 102 may utilize a plurality of article sources to provide, in collaboration with the content engine, a plurality of enriched articles that are specific to the technology landscape. The enriched articles enable an IT administrator using the content engine to execute IT administration duties in a fast, efficient, reliable, and timely manner.

Abstract: Described systems and techniques enable prediction of a state of an application at a future time, with high levels of accuracy and specificity. Accordingly, operators may be provided with sufficient warning to avert poor user experiences. Unsupervised machine learning techniques may be used to characterize current states of applications and underlying components in a standardized manner. The resulting data effectively provides labelled training data that may then be used by supervised machine learning algorithms to build state prediction models. Resulting state prediction models may then be deployed and used to predict an application state of an application at a specified future time.

Abstract: A cloud-native proxy gateway is reachable from a central server and from an isolated cloud VM. A method allows legacy (non-cloud native) solutions to establish a secure connection to the isolated cloud VM, even when incoming port flows are not enabled. The method involves transforming a TCP/IP network connection request into a cloud API call, ignoring IP addresses, and instead using a unique cloud resource identifier as the primary network routing methodology. In response to a communication connection request by the central server, the isolated VM establishes a reverse tunnel to the cloud-native proxy gateway. Communication flow initiated by the central server proceeds through the reverse tunnel to the isolated VM, avoiding an issue of duplicate IP addresses in the cloud.

Abstract: A content engine may utilize a configuration management database (CMDB) to manage a configuration of a technology landscape. A curation manager 102 may utilize a plurality of article sources to provide, in collaboration with the content engine, a plurality of enriched articles that are specific to the technology landscape. The enriched articles enable an IT administrator using the content engine to execute IT administration duties in a fast, efficient, reliable, and timely manner.

Abstract: A method of forming an optical device in a body (32), comprises performing a plurality of laser scans (34,36) to form the optical device, each scan comprising relative movement of a laser beam and the body thereby to scan the laser beam along a respective path (34a, 34b 34f; 36a, 36b 36f) through the body to alter the refractive index of material of that path, wherein the paths are arranged to provide in combination a route for propagation of light through the optical device in operation that is larger in a direction substantially perpendicular to the route for propagation of light than any one of the paths individually.

Abstract: A method for securing a networked computer system executing an application includes identifying a vulnerable computer resource in the networked computer system, determining all computer resources in the networked computer system that are accessible from, or are accessed by, the vulnerable computer resource, and prioritizing implementation of a remediation action to secure the vulnerable computer resource if a vulnerability path extends from the vulnerable computer resource to a critical computer resource that contains sensitive information. The remediation action to secure the vulnerable computer resource is a safe remediation action that does not impact availability of the application executing on the networked computer system.

Abstract: In accordance with aspects of the disclosure, systems and methods are provided for normalizing data representing entities and relationships linking the entities including defining one or more graph rules describing searchable characteristics for the data representing the entities and relationships linking the entities, applying the one or more graph rules to the data representing the entities and the relationships linking the entities, identifying one or more matching instances between the one or more graph rules and the data representing the entities and the relationships linking the entities, and performing one or more actions to update the one or more matching instances between the one or more graph rules and the data representing the entities and the relationships linking the entities.

Abstract: A first datastore discovers a configuration item (CI), without a persistent unique identifier in a distributed datastores environment. When the first datastore has authoritative naming rights, it determines an authoritative identification for the CI. When the first datastore has advisory naming rights, it suggests a name for the CI to a second datastore having authoritative naming rights. The second datastore determines that a pre-existing identification for the CI in the second datastore is the authoritative identification for the CI. If there is no pre-existing identification for the CI in the second data store, the second data store accepts the suggested name as the authoritative identification for the CI. When the first datastore has no naming rights for the CI, it sends the CI to a third data store having authoritative naming rights for the CI to get an authoritative identification for the CI.

Abstract: A data management system includes a data reconciliation engine that identifies data sources that contain data records referencing a resource and determines whether each of the identified data sources is a creative data source or an additive data source. When all of the identified data sources are additive data sources, the reconciliation engine terminates a data reconciliation process. When all of the identified data sources are not additive data sources, the reconciliation engine finds a first creative data source from among the identified data sources, and initiates the data reconciliation process by merging data from the identified data sources including the first creative data source, one data source-by-one data source, into a reconciled data record.