Method and system for self-learning compliance remediation
Publication Date: 2017-Jun-20
The IP.com Prior Art Database
A self-learning system capable of understanding the nature of a compliance shift, retrieving possible solutions from a problem tracking repository and dynamically building new corrective actions.
Many tools are in place in the IT world to check that specific processes and/or
systems are running in compliance with predefined policies. These checks are implemented in
software that in many cases can also trigger corrective actions. This is the case for the BigFix product,
which is the major candidate for IBM to implement this idea in; however, the idea can be applied to other
software providing compliance and remediation.
A common problem with these products arises when all the corrective actions are in place for a specific
process or system, but it is still out of compliance, and the Administrator has no further action to run
to remediate the issue. This means that the variables taken into account are not enough to bring
the system under control, and the Administrator is stuck.
Taking BigFix as an example for simplicity, there are compliance sites providing a set of analyses and
fixlets (that is, possible actions to run to solve the issue) to control and enforce specific compliance
Given a specific compliance policy, the Client provides the capability to continuously check adherence
to the policy and, when a non-compliance is detected, it provides the capability to perform a
The Server instead deploys analyses and fixlets to the proper set of clients, and the applicability of each
object is based on what is called a relevance condition, based on variables and parameters computed client
In some cases, however, a non-compliance is detected but the Administrator has
already run all the relevant fixlets to solve it; that is, there is no further corrective action available
to run. An example is a policy that sets the maximum database access time to be < 2 msec. The
Server provides a relevance that shows that the policy has been violated on a set of computers; however,
none of the related fixlets becomes relevant or is capable of resolving the problem.
This issue happens anytime the cause of a problem is different from the one already considered
by the existing fixlets.
The proposal provides a way to resolve the problem described above, using a self-learning system
capable of understanding the nature of the non-compliance, retrieving possible solutions from a problem
tracking repository and dynamically building new corrective actions.
The method described in detail below uses the non-compliance condition to parse items in a
problem tracking system, where the solutions to these non-compliances are often contained.
The solution also uses a granular action library that is continuously and dynamically
updated, thus allowing solutions that are continuously discovered on the customer side to be
automatically incorporated into resolving actions for use by system administrators.
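
The flow outlined above (a non-compliance with no relevant fixlet, a search of the problem tracking repository, and a new corrective action assembled from the granular action library), as an added sketch that is not part of the disclosure or of BigFix. The ticket records, the Jaccard token-overlap matching, the 0.25 threshold and the ACT-* identifiers are assumptions made for illustration; resolution steps with no entry in the library are returned for Administrator review rather than turned into actions.

```python
import re

# Constructed sample data: ticket contents and ACT-* identifiers are hypothetical.
CONDITION = "database access time above 2 msec"
TICKETS = [
    {"id": "T-101", "symptom": "database access time above threshold after index fragmentation",
     "resolution": ["rebuild index", "update statistics"]},
    {"id": "T-102", "symptom": "disk full on application server log volume",
     "resolution": ["rotate logs"]},
    {"id": "T-103", "symptom": "slow database access time caused by exhausted connection pool",
     "resolution": ["increase connection pool", "reboot the rack switch"]},
]
# Granular action library: only vetted steps may become part of a corrective action.
ACTION_LIBRARY = {
    "rebuild index": "ACT-REBUILD-INDEX",
    "update statistics": "ACT-UPDATE-STATS",
    "increase connection pool": "ACT-RAISE-POOL-SIZE",
}

def tokens(text):
    """Lower-case alphabetic words of a description, as a set."""
    return set(re.findall(r"[a-z]+", text.lower()))

def rank_tickets(condition, tickets, min_score=0.25):
    """Rank tickets by Jaccard overlap between the violated condition and the symptom."""
    cond, scored = tokens(condition), []
    for ticket in tickets:
        sym = tokens(ticket["symptom"])
        score = len(cond & sym) / (len(cond | sym) or 1)
        if score >= min_score:
            scored.append((score, ticket))
    return [t for _, t in sorted(scored, key=lambda pair: -pair[0])]

def build_corrective_action(condition, relevant_fixlets, tickets, library):
    """Return (steps, needs_review), or None when an existing fixlet is still relevant."""
    if relevant_fixlets:
        return None  # the stuck case has not been reached; nothing to build
    steps, needs_review = [], []
    for ticket in rank_tickets(condition, tickets):
        for step in ticket["resolution"]:
            target = steps if step in library else needs_review
            entry = (library.get(step, step), ticket["id"])  # keep the source ticket for audit
            if entry not in target:
                target.append(entry)
    return steps, needs_review

if __name__ == "__main__":
    print(build_corrective_action(CONDITION, [], TICKETS, ACTION_LIBRARY))
```

Keeping the source ticket id next to each step lets the Administrator trace every generated action back to the record it was learned from.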
Any time a "not-compliance" is detected, and none of the available fixlets becomes rele...