| CPC H04L 63/1416 (2013.01) [G06F 9/451 (2018.02); H04L 63/0281 (2013.01); H04L 63/1441 (2013.01)] | 26 Claims |
|
1. A computer-implemented method performed by an information technology (IT) and security operations application, the method comprising:
receiving first data indicating an occurrence of a first incident in a first IT environment, the first data associated with a first tenant of the IT and security operations application;
receiving input identifying an action to be performed responsive to the first incident;
receiving second data indicating an occurrence of a second incident in a second IT environment, the second data associated with a second tenant of the IT and security operations application;
determining that the second incident is related to the first incident;
determining that the second incident is related to a plurality of related incidents associated with a plurality of other tenants of the IT and security operations application;
based on determining that the second incident is related to the plurality of related incidents, performing an analysis of actions performed by the plurality of other tenants of the IT and security operations application responsive to the plurality of related incidents;
based on the analysis of actions performed by the plurality of other tenants of the IT and security operations application responsive to the plurality of related incidents, generating a ranked set of action recommendations;
causing display of a graphical user interface (GUI) including an indication of the ranked set of action recommendations; and
based on determining that the second incident is related to the first incident, providing an indication of the action to be performed responsive to the first incident as one of the action recommendations in the ranked set of action recommendations.
|