CPC H04L 41/5009 (2013.01) [G06N 20/00 (2019.01); H04L 41/16 (2013.01)] | 20 Claims |
1. A computer-implemented method, comprising:
accessing an operational metric that is correlated to a cloud incident occurring at an incident time in a cloud environment comprising a cloud server configured to provide a cloud service;
identifying first instances of the operational metric exceeding a metric threshold associated with the operational metric within a timeframe of the cloud incident as true positives;
identifying second instances of the operational metric exceeding the metric threshold outside of the timeframe of the cloud incident as false positives;
calculating a correlation score for the operational metric based, at least in part, on a quantity of the true positives and a quantity of the false positives; and
based on the correlation score, determining that the operational metric correlates to the cloud incident.
|