| CPC G06F 21/554 (2013.01) [G06F 9/453 (2018.02); G06F 11/0793 (2013.01); G06F 11/3438 (2013.01); H04L 41/0631 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1441 (2013.01)] | 20 Claims |
|
1. A computer-implemented method, comprising:
identifying, by an incident handling system, an incident in an information technology (IT) environment, wherein the incident is associated with a plurality of incident characteristics;
identifying a plurality of previous incidents handled by the incident handling system that are similar to the incident, wherein each of the plurality of previous incidents is identified by searching incident handling information for incidents associated with least one of the plurality of incident characteristics;
identifying a plurality of courses of action executed by the incident handling system to respond to the plurality of previous incidents, wherein a course of action of the plurality of courses of action includes a defined set of actions that are executable by the incident handling system;
selecting, from the plurality of courses of action, a set of actions to include in a suggested course of action to be used to respond to the incident;
determining, based on the plurality of courses of action, an order in which to execute the set of actions during execution of the suggested course of action; and
executing, by the incident handling system, the suggested course of action in the IT environment.
|