CPC H04L 41/0631 (2013.01) [G06F 21/554 (2013.01); H04L 41/0654 (2013.01); H04L 41/0883 (2013.01); H04L 41/14 (2013.01); H04L 41/22 (2013.01); H04L 41/5074 (2013.01); H04L 63/1416 (2013.01); H04L 63/1441 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |
1. A computer-implemented method, the method comprising:
obtaining, by an incident service, data identifying an incident occurring in an information technology (IT) environment, wherein the incident service is coupled to a plurality of IT environments including the IT environment;
obtaining, from a data store, anonymized action implementation data relevant to the incident, wherein the anonymized action implementation data describes past executions of actions by analyst systems running in one or more of the plurality of IT environments responsive to incidents identified in the plurality of IT environments;
identifying, based on the anonymized action implementation data, a plurality of action suggestions for responding to the incident; and
causing display of a flow diagram including the plurality of action suggestions, wherein the flow diagram indicates an order in which the plurality of action suggestions are to be executed.
|