
Method and system for self-learning compliance remediation

IP.com Disclosure Number: IPCOM000250263D
Publication Date: 2017-Jun-20
Document File: 3 page(s) / 43K

Publishing Venue

The IP.com Prior Art Database

Abstract

A self-learning system capable of understanding the nature of a compliance shift, retrieving possible solutions from a problem tracking repository and dynamically building new corrective actions.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 39% of the total text.


Many tools are now in place in the IT world to check that specific processes and/or systems are running in compliance with predefined policies. These checks are implemented using software that in many cases can also trigger corrective actions. This is the case for the Bigfix product, which is the major candidate for IBM to implement this idea in; however, the idea can be applied to other software providing compliance and remediation.

A common problem with these products arises when all the corrective actions are in place for a specific process or system, but it is still out of compliance and the Administrator can run no further action to remediate the issue. This means that the variables taken into account are not enough to bring the system under control, and the Administrator is stuck.

Following the example of Bigfix for simplicity, there are compliance sites providing a set of analyses and fixlets (that is, possible actions to run to solve the issue) to control and enforce specific compliance policies.

Given a specific compliance policy, the Client provides the capability to continuously check adherence to the policy and, if non-compliance is detected, to perform a corrective action.

The Server, in turn, deploys analyses and fixlets to the proper set of clients; the applicability of each object is based on what is called a relevance condition, which is based on variables and parameters computed client side.

In some cases, however, non-compliance is detected but the Administrator has already run all the relevant fixlets to solve it; that is, there is no more available corrective action that he can run. An example is a policy that sets the maximum database access time to be < 2 msec. The Server provides a relevance that shows that the policy has been violated on a set of computers; however, none of the related fixlets becomes relevant or is capable of resolving the problem.

This issue happens any time the cause of a problem is different from those already considered by the existing fixlets.

The proposal provides a way to resolve the problem described above, using a self-learning system capable of understanding the nature of the non-compliance, retrieving possible solutions from a problem tracking repository and dynamically building new corrective actions.

The method described in detail below leverages the non-compliance condition to parse items in a problem tracking system, where the solutions to these non-compliances are often contained.

The solution also leverages a granular action library that is continuously and dynamically updated, thus allowing the solutions that are continuously discovered on the customer side to be automatically incorporated into resolving actions to be used by system administrators.
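The stuck state and the repository lookup described above can be sketched as follows. This is an added example, not code from the disclosure or from Bigfix: the `Fixlet` model, the ticket fields, the sample data and the term-overlap (Jaccard) ranking are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable

@dataclass
class Fixlet:                            # hypothetical model, not the Bigfix object
    name: str
    relevance: Callable[[dict], bool]    # evaluated on client-side variables
    already_run: bool = False

def is_stuck(client: dict, policy: Callable[[dict], bool], fixlets: list) -> bool:
    """True when the policy is violated and no fixlet that has not yet been run is relevant."""
    if policy(client):
        return False
    return not any(f.relevance(client) and not f.already_run for f in fixlets)

def tokens(text: str) -> set:
    return set(re.findall(r"[a-z]{3,}", text.lower()))

def rank_tickets(condition: str, tickets: list) -> list:
    """Rank resolved tickets by Jaccard overlap between the condition and the symptom text."""
    want, scored = tokens(condition), []
    for t in tickets:
        have = tokens(t["symptom"])
        union = want | have
        score = len(want & have) / len(union) if union else 0.0
        if score > 0 and t.get("resolution"):   # skip unrelated or unresolved tickets
            scored.append((round(score, 3), t["id"], t["resolution"]))
    return sorted(scored, reverse=True)

# Constructed sample data based on the page's "< 2 msec" database policy.
CLIENT = {"db_access_ms": 3.4, "db_cache_mb": 512}
POLICY = lambda c: c["db_access_ms"] < 2
FIXLETS = [
    Fixlet("Increase DB cache", lambda c: c["db_cache_mb"] < 256),
    Fixlet("Restart DB listener", lambda c: c["db_access_ms"] >= 2, already_run=True),
]
TICKETS = [
    {"id": "T-1", "symptom": "database access time above threshold, fragmented index",
     "resolution": "rebuild index"},
    {"id": "T-2", "symptom": "printer queue stalled", "resolution": "restart spooler"},
    {"id": "T-3", "symptom": "database access slow", "resolution": ""},
]

def candidates() -> list:
    """Query the problem tracker only when the Administrator has no fixlet left to run."""
    if not is_stuck(CLIENT, POLICY, FIXLETS):
        return []
    return rank_tickets("database access time exceeds 2 msec", TICKETS)

if __name__ == "__main__":
    print(candidates())
```

Candidate resolutions returned this way are inputs for building a new corrective action; they still need review before being deployed to clients.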

Any time a "not-compliance" is detected, and none of the available fixlet becomes rele...