Abstract: A plurality of textual log records characterizing operations occurring within a technology landscape may be received and converted into numerical log record vectors. For a current log record vector and a preceding set of log record vectors of the numerical log record vectors, a similarity series may be computed that includes a similarity measure for each of a set of log record vector pairs, with each log record vector pair including the current log record vector and one of the preceding set of log record vectors. A similarity distribution of the similarity series may be generated, and an anomaly in the operations occurring within the technology landscape may be detected, based on the similarity distribution.

Abstract: A plurality of log records characterizing operations occurring within a technology landscape may be received. The plurality of log records may be clustered into at least a first cluster of log records and a second cluster of log records, using at least one similarity algorithm. A first dissimilar subset of log records within the first cluster of log records, and a second dissimilar subset of log records within the second cluster of log record may be identified, using the at least one similarity algorithm. At least one machine learning model may be trained to process new log records characterizing the operations occurring within the technology landscape, using the first dissimilar subset and the second dissimilar subset.

Abstract: An incident ticket having a worklog field for a resolution field and a worklog providing a history of actions taken during attempts to resolve an incident may be received. The incident ticket may be processed using a domain-specific machine learning model trained using training data that includes a plurality of resolved incident tickets, to thereby generate at least one resolution statement. Source data used by the domain-specific machine learning model in providing the at least one resolution statement may be determined, the source data including one of the worklog and the training data. A hallucination score may be assigned to the at least one resolution statement, based on the source data, to identify hallucinated content within the at least one resolution statement. The at least one resolution statement may be modified to remove the hallucinated content and thereby obtain a resolution for inclusion in the resolution field.

Abstract: Systems and techniques for implementing a change to a plurality of devices in a computing infrastructure include generating a risk prediction model, where the risk prediction model is trained using a combination of supervised learning and unsupervised learning and identifying, using the risk prediction model, a first set of devices from the plurality of devices having a low risk of failure due to implementing the change and a second set of devices from the plurality of devices having a high risk of failure due to implementing the change. A schedule is automatically generated for implementing the change to the first set of devices. The change is implemented on a portion of the first set of devices according to the schedule. The risk prediction model is updated using data obtained from implementing the change on the portion of the first set of devices.

Abstract: A plurality of resolved incident tickets may each include a worklog providing a history of actions taken during attempts to resolve a corresponding resolved incident and a resolution having at least one resolution statement. An iterative processing of the plurality of resolved incident tickets may include processing each resolution statement of the resolution with at least one domain-specific statement classifier specific to the incident domain to either discard or retain a classified resolution statement; processing each retained classified resolution statement in conjunction with the worklog to determine whether to discard or retain the resolved incident; providing an updated resolution for the resolved incident when the resolved incident is retained, and adding the resolved incident with the updated resolution to the processed incident tickets. Then, at least one machine learning model may be trained to process a new incident ticket, using the processed incident tickets.

Abstract: Described systems and techniques enable prediction of a state of an application at a future time, with high levels of accuracy and specificity. Accordingly, operators may be provided with sufficient warning to avert poor user experiences. Unsupervised machine learning techniques may be used to characterize current states of applications and underlying components in a standardized manner. The resulting data effectively provides labelled training data that may then be used by supervised machine learning algorithms to build state prediction models. Resulting state prediction models may then be deployed and used to predict an application state of an application at a specified future time.

Abstract: A method for securing a service implemented on a computer network includes identifying network assets in the computer network used by the service. The method further includes identifying vulnerabilities in one or more of the network assets, determining an asset risk score for each of the network assets, and determining a service risk score for the service. The method involves implementing one or more vulnerability remediation actions on the computer network to reduce the service risk score and secure the service.

Abstract: Described systems and techniques enable prediction of a state of an application at a future time, with high levels of accuracy and specificity. Accordingly, operators may be provided with sufficient warning to avert poor user experiences. Unsupervised machine learning techniques may be used to characterize current states of applications and underlying components in a standardized manner. The resulting data effectively provides labelled training data that may then be used by supervised machine learning algorithms to build state prediction models. Resulting state prediction models may then be deployed and used to predict an application state of an application at a specified future time.

Abstract: A system, method, and computer program product for intelligent-skills-matching includes receiving a plurality of tickets, where each ticket in the plurality of tickets includes a plurality of fields and at least one agent who resolved the ticket is identified. A clustering algorithm is used on one or more of the plurality of fields to determine skills from the plurality of tickets. A taxonomy of the skills is generated using a taxonomy-construction algorithm. Using the taxonomy of the skills, a skills matrix or a skills knowledge graph is created with agents assigned to the skills.

Abstract: A method for securing a networked computer system executing an application includes identifying a vulnerable computer resource in the networked computer system, determining all computer resources in the networked computer system that are accessible from, or are accessed by, the vulnerable computer resource, and prioritizing implementation of a remediation action to secure the vulnerable computer resource if a vulnerability path extends from the vulnerable computer resource to a critical computer resource that contains sensitive information. The remediation action to secure the vulnerable computer resource is a safe remediation action that does not impact availability of the application executing on the networked computer system.

Abstract: A cloud-native proxy gateway is reachable from a central server and from an isolated cloud VM. A method allows legacy (non-cloud native) solutions to establish a secure connection to the isolated cloud VM, even when incoming port flows are not enabled. The method involves transforming a TCP/IP network connection request into a cloud API call, ignoring IP addresses, and instead using a unique cloud resource identifier as the primary network routing methodology. In response to a communication connection request by the central server, the isolated VM establishes a reverse tunnel to the cloud-native proxy gateway. Communication flow initiated by the central server proceeds through the reverse tunnel to the isolated VM, avoiding an issue of duplicate IP addresses in the cloud.

Abstract: Information technology service management (ITSM) incident reports are converted from textual data to multiple vectors using an encoder and parameters are selected, where the parameters include a base cluster number and a threshold value. A base group of clusters is generated using an unsupervised machine learning clustering algorithm with the vectors and the parameters as input. A cluster quality score is computed for each of the base group of clusters. Each cluster from the base group of clusters with the cluster quality score above the threshold value is recursively split into new clusters until the cluster quality score for each cluster in the new clusters is below the threshold value. A final group of clusters is output, where each cluster from the final group of clusters represents ITSM incident reports related to a same problem.

Abstract: A data management system includes a data reconciliation engine that identifies data sources that contain data records referencing a resource and determines whether each of the identified data sources is a creative data source or an additive data source. When all of the identified data sources are additive data sources, the reconciliation engine terminates a data reconciliation process. When all of the identified data sources are not additive data sources, the reconciliation engine finds a first creative data source from among the identified data sources, and initiates the data reconciliation process by merging data from the identified data sources including the first creative data source, one data source-by-one data source, into a reconciled data record.

Abstract: A first datastore discovers a configuration item (CI), without a persistent unique identifier in a distributed datastores environment. When the first datastore has authoritative naming rights, it determines an authoritative identification for the CI. When the first datastore has advisory naming rights, it suggests a name for the CI to a second datastore having authoritative naming rights. The second datastore determines that a pre-existing identification for the CI in the second datastore is the authoritative identification for the CI. If there is no pre-existing identification for the CI in the second data store, the second data store accepts the suggested name as the authoritative identification for the CI. When the first datastore has no naming rights for the CI, it sends the CI to a third data store having authoritative naming rights for the CI to get an authoritative identification for the CI.

Abstract: A content engine may utilize a configuration management database (CMDB) to manage a configuration of a technology landscape. A curation manager 102 may utilize a plurality of article sources to provide, in collaboration with the content engine, a plurality of enriched articles that are specific to the technology landscape. The enriched articles enable an IT administrator using the content engine to execute IT administration duties in a fast, efficient, reliable, and timely manner.

Abstract: Described systems and techniques enable prediction of a state of an application at a future time, with high levels of accuracy and specificity. Accordingly, operators may be provided with sufficient warning to avert poor user experiences. Unsupervised machine learning techniques may be used to characterize current states of applications and underlying components in a standardized manner. The resulting data effectively provides labelled training data that may then be used by supervised machine learning algorithms to build state prediction models. Resulting state prediction models may then be deployed and used to predict an application state of an application at a specified future time.

Abstract: A content engine may utilize a configuration management database (CMDB) to manage a configuration of a technology landscape. A curation manager 102 may utilize a plurality of article sources to provide, in collaboration with the content engine, a plurality of enriched articles that are specific to the technology landscape. The enriched articles enable an IT administrator using the content engine to execute IT administration duties in a fast, efficient, reliable, and timely manner.

Abstract: A cloud-native proxy gateway is reachable from a central server and from an isolated cloud VM. A method allows legacy (non-cloud native) solutions to establish a secure connection to the isolated cloud VM, even when incoming port flows are not enabled. The method involves transforming a TCP/IP network connection request into a cloud API call, ignoring IP addresses, and instead using a unique cloud resource identifier as the primary network routing methodology. In response to a communication connection request by the central server, the isolated VM establishes a reverse tunnel to the cloud-native proxy gateway. Communication flow initiated by the central server proceeds through the reverse tunnel to the isolated VM, avoiding an issue of duplicate IP addresses in the cloud.

Abstract: A method of forming an optical device in a body (32), comprises performing a plurality of laser scans (34,36) to form the optical device, each scan comprising relative movement of a laser beam and the body thereby to scan the laser beam along a respective path (34a, 34b 34f; 36a, 36b 36f) through the body to alter the refractive index of material of that path, wherein the paths are arranged to provide in combination a route for propagation of light through the optical device in operation that is larger in a direction substantially perpendicular to the route for propagation of light than any one of the paths individually.

Abstract: A method for securing a networked computer system executing an application includes identifying a vulnerable computer resource in the networked computer system, determining all computer resources in the networked computer system that are accessible from, or are accessed by, the vulnerable computer resource, and prioritizing implementation of a remediation action to secure the vulnerable computer resource if a vulnerability path extends from the vulnerable computer resource to a critical computer resource that contains sensitive information. The remediation action to secure the vulnerable computer resource is a safe remediation action that does not impact availability of the application executing on the networked computer system.