US 12,445,344 B1
Executing playbooks against aggregate notable events in an information technology and security operations application
Sourabh Satish, Fremont, CA (US); Paul Agbabian, Los Angeles, CA (US); and Anurag Singla, Cupertino, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Oct. 13, 2022, as Appl. No. 17/965,507.
Application 17/965,507 is a continuation of application No. 17/086,232, filed on Oct. 30, 2020, granted, now 11,516,069, issued on Nov. 29, 2022.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 41/0631 (2022.01); H04L 9/40 (2022.01); H04L 41/0604 (2022.01); H04L 41/0654 (2022.01); H04L 41/0681 (2022.01); H04L 41/069 (2022.01)
CPC H04L 41/0631 (2013.01) [H04L 41/0622 (2013.01); H04L 41/0654 (2013.01); H04L 41/0681 (2013.01); H04L 41/069 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1441 (2013.01)]
20 Claims
 
1. A computer-implemented method comprising:
obtaining, by an IT and security operations application, data reflecting operation of computing devices in an IT environment;
generating a plurality of timestamped events based on the data;
identifying, at a first point in time, a first notable event, wherein the first notable event is identified by determining that one or more timestamped events of the plurality of timestamped events match defined notable event criteria;
identifying, at a second point in time, a second notable event;
determining that the first notable event is related to the second notable event;
adding the first notable event and the second notable event to an aggregate notable event;
receiving input requesting execution of a playbook on the aggregate notable event; and
executing the playbook using the first notable event and the second notable event as input to the playbook.