Abstract: A document of written content may be obtained. The document may be a candidate for inclusion in a corpus. A first entity associated with the document may be identified. A first discrete entity associated with the first entity may be identified. The relationship associated with the first entity and the first discrete entity may be analyzed. Based on the analyzing, a likelihood that the document contains content that would be detrimental for inclusion in the corpus may be determined.

Abstract: A method, computer system, and a computer program product for estimating the probability of invoking information technology (IT) disaster recovery at a location based on an incident risk is provided. The present invention may include receiving a piece of data associated with an incident at the location. The present invention may also include estimating a similarity value associated with the incident based on a plurality of past incidents from a knowledge base. The present invention may then include receiving a plurality of mined data based on the location. The present invention may further include predicting the incident risk to the location based on the received plurality of mined data and the estimated similarity value to the plurality of past incidents.

Abstract: A system to provide end users with recommendations on improving the quality of the incident management process is provided. A computer device identifies a set of historical incident reports, wherein the historical incident reports identify: (i) incident tickets, (ii) one or more skills associated with personnel assigned to the incident tickets, and (iii) whether the incident tickets were resolved within threshold periods of time to resolve. The computing device trains a machine learning model to predict sets of skills associated with resolving incident tickets within the threshold periods of time to resolve based, at least in part, on the identified set of historical incident reports. The computing device assigns a set of personnel to the new incident ticket based, at least in part, on the predicted set of skills associated with resolving the new incident ticket within the threshold period of time to resolve.

Abstract: A set of profile parameters to characterize an unknown group of servers is computed. A set of known groups of servers is selected from a historical repository of known group of servers. A subset of known group is selected such that each known group in the subset has a corresponding similarity distance that is within a threshold similarity distance from the unknown group. A decision tree is constructed corresponding to a known group in the subset, by cognitively analyzing a usage of the set of profile parameters of the unknown group in the known group. Using the decision tree a number of problematic servers is predicted in the unknown group. When the predicted number of problematic servers does not exceed a threshold number, a post-prediction action is caused to occur on the unknown group, which causes a reduction in an actual number of problematic servers in the unknown group.

Abstract: A method of identifying an incident root cause probability that includes identifying, using a monitoring system, a first incident/incident class and generating, using a change management application, a first change request and change class. The method also includes generating, from the change management application, a second change request from a second incident, and where the first and second incidents are in a set of incidents, and where the first and second change requests are in a set of changes, mapping, by a cause analysis application, the set of incidents to the set of changes to identify a root cause probability, where the probability is formed by from a Galois linkage chain between the two sets, and developing, from the cause analysis application, a root cause probability value of the first incident, and executing, using a parameter management application, a mitigation process.

Abstract: A system to provide end users with recommendations on improving the quality of the incident management process is provided. A computer device identifies a set of historical incident reports, wherein the historical incident reports identify: (i) incident tickets, (ii) one or more skills associated with personnel assigned to the incident tickets, and (iii) whether the incident tickets were resolved within threshold periods of time to resolve. The computing device trains a machine learning model to predict sets of skills associated with resolving incident tickets within the threshold periods of time to resolve based, at least in part, on the identified set of historical incident reports. The computing device assigns a set of personnel to the new incident ticket based, at least in part, on the predicted set of skills associated with resolving the new incident ticket within the threshold period of time to resolve.

Abstract: Systems, computer-implemented methods, and computer program products to facilitate discovery of an inexplicit link between a change and an incident in a computing environment are provided. According to an embodiment, a system can comprise a processor that executes computer executable components stored in memory. The computer executable components can comprise an analysis component that determines a defined link strength corresponding to links between change data and incident data in a computing environment. The computer executable components further comprise an extraction component that employs a model to identify an inexplicit link between the change data and the incident data based on the defined link strength.

Abstract: A method of identifying an incident root cause probability that includes identifying, using a monitoring system, a first incident/incident class and generating, using a change management application, a first change request and change class. The method also includes generating, from the change management application, a second change request from a second incident, and where the first and second incidents are in a set of incidents, and where the first and second change requests are in a set of changes, mapping, by a cause analysis application, the set of incidents to the set of changes to identify a root cause probability, where the probability is formed by from a Galois linkage chain between the two sets, and developing, from the cause analysis application, a root cause probability value of the first incident, and executing, using a parameter management application, a mitigation process.

Abstract: A file validation method and system is provided. The method includes retrieving from an authoritative source system, an artifact file. Identification information identifying a requesting user of the artifact file is recorded and associated metadata and a modified artifact file comprising the metadata combined with the artifact file are generated. An encryption key including a first portion and a second portion is generated and the first portion is stored within a central key store database. An encrypted package comprising the modified artifact file and the second portion of the key is generated.

Abstract: A method, computer system, and a computer program product for estimating the probability of invoking information technology (IT) disaster recovery at a location based on an incident risk is provided. The present invention may include receiving a piece of data associated with an incident at the location. The present invention may also include estimating a similarity value associated with the incident based on a plurality of past incidents from a knowledge base. The present invention may then include receiving a plurality of mined data based on the location. The present invention may further include predicting the incident risk to the location based on the received plurality of mined data and the estimated similarity value to the plurality of past incidents.

Abstract: A file validation method and system is provided. The method includes retrieving from an authoritative source system, an artifact file. Identification information identifying a requesting user of the artifact file is recorded and associated metadata and a modified artifact file comprising the metadata combined with the artifact file are generated. An encryption key including a first portion and a second portion is generated and the first portion is stored within a central key store database. An encrypted package comprising the modified artifact file and the second portion of the key is generated.

Abstract: A file validation method and system is provided. The method includes retrieving from an authoritative source system, an artifact file. Identification information identifying a requesting user of the artifact file is recorded and associated metadata and a modified artifact file comprising the metadata combined with the artifact file are generated. An encryption key including a first portion and a second portion is generated and the first portion is stored within a central key store database. An encrypted package comprising the modified artifact file and the second portion of the key is generated.

Abstract: Training a random forest model to relate settings of a network security device to undesirable behavior of the network security device is provided. A determination of a corresponding set of settings associated with each region of lowest incident probability is made using a random forest. The plurality of identified desired settings are presented as options for changing the network security device from the as-is settings to the identified desired settings. A choice is received from the plurality of options. The choice informs the random forest model. The random forest model ranks for a new problematic network security device the plurality of options for changing the new problematic network security device from as-is settings to desired settings by aggregating an identified cost of individual configuration changes, thereby identifying a most cost-effective setting for the network security device to achieve a desired output of the network security device.

Abstract: A file validation method and system is provided. The method includes retrieving from an authoritative source system, an artifact file. Identification information identifying a requesting user of the artifact file is recorded and associated metadata and a modified artifact file comprising the metadata combined with the artifact file are generated. An encryption key including a first portion and a second portion is generated and the first portion is stored within a central key store database. An encrypted package comprising the modified artifact file and the second portion of the key is generated.

Abstract: A document of written content may be obtained. The document may be a candidate for inclusion in a corpus. A first entity associated with the document may be identified. A first discrete entity associated with the first entity may be identified. The relationship associated with the first entity and the first discrete entity may be analyzed. Based on the analyzing, a likelihood that the document contains content that would be detrimental for inclusion in the corpus may be determined.

Abstract: A file validation method and system is provided. The method includes retrieving from an authoritative source system, an artifact file. Identification information identifying a requesting user of the artifact file is recorded and associated metadata and a modified artifact file comprising the metadata combined with the artifact file are generated. An encryption key including a first portion and a second portion is generated and the first portion is stored within a central key store database. An encrypted package comprising the modified artifact file and the second portion of the key is generated.

Abstract: A file validation method and system is provided. The method includes retrieving from an authoritative source system, an artifact file. Identification information identifying a requesting user of the artifact file is recorded and associated metadata and a modified artifact file comprising the metadata combined with the artifact file are generated. An encryption key including a first portion and a second portion is generated and the first portion is stored within a central key store database. An encrypted package comprising the modified artifact file and the second portion of the key is generated.

Abstract: A file validation method and system is provided. The method includes retrieving from an authoritative source system, an artifact file. Identification information identifying a requesting user of the artifact file is recorded and associated metadata and a modified artifact file comprising the metadata combined with the artifact file are generated. An encryption key including a first portion and a second portion is generated and the first portion is stored within a central key store database. An encrypted package comprising the modified artifact file and the second portion of the key is generated.

Abstract: A set of profile parameters to characterize an unknown group of servers is computed. A set of known groups of servers is selected from a historical repository of known group of servers. A subset of known group is selected such that each known group in the subset has a corresponding similarity distance that is within a threshold similarity distance from the unknown group. A decision tree is constructed corresponding to a known group in the subset, by cognitively analyzing a usage of the set of profile parameters of the unknown group in the known group. Using the decision tree a number of problematic servers is predicted in the unknown group. When the predicted number of problematic servers does not exceed a threshold number, a post-prediction action is caused to occur on the unknown group, which causes a reduction in an actual number of problematic servers in the unknown group.

Abstract: Training a random forest model to relate settings of a network security device to undesirable behavior of the network security device is provided. A determination of a corresponding set of settings associated with each region of lowest incident probability is made using a random forest. The plurality of identified desired settings are presented as options for changing the network security device from the as-is settings to the identified desired settings. A choice is received from the plurality of options. The choice informs the random forest model. The random forest model ranks for a new problematic network security device the plurality of options for changing the new problematic network security device from as-is settings to desired settings by aggregating an identified cost of individual configuration changes, thereby identifying a most cost-effective setting for the network security device to achieve a desired output of the network security device.