Introduction to Automated Service Intelligence Machine Learning (ASIML)
The Interlink Software Automated Service Intelligence machine learning (ASIML) offering provides out-of-the-box support for machine learning techniques to automate alert correlation and alleviate the administrator from the need for manually coding alert management rules (e.g. policy-based temporal fuzzy matching, whitelist and blacklist processing).
ASIML Standard Alert Model (SAM)
Automatically correlate alerts into scenarios, dramatically reducing the volume of alerts the user must interact with. Inside each alert scenario exists one to many alerts that have been automatically correlated to that alert scenario. ASIML is controlled by the standard alert management policies defined in the ASIML dashboard. This is used to prepare and test the model for our alert and metric based machine learning.
SAM policies help to train the ASIMLa model algorithm on how to formulate its predictions. Each policy contains feature columns and match weightings.
Three default SAM policies are provided out-of-the-box, Source, Description and IPCheck. the following settings for the feature columns and match weightings are used:
| Policy | Feature Column | Algorithm | Weighting |
|---|---|---|---|
| Source | mcname | Similarity | 100 |
| Source | _domain | Similarity | 75 |
| Description | mcname | Similarity | 100 |
| Description | text | Similarity | 75 |
| IPCheck | _asiml_ipaddr | Subnet | 24 |
ASIML Field descriptions
| Field | Description | Example |
|---|---|---|
| asiml_automate | On the parent alert, the value "Ticket". To enable you to use this as a trigger when creating incidents. | Ticket |
| asiml_count | On the parent alert, the number of child alerts under the specific scenario. | 6 |
| asiml_ipaddr | The IP address of the alert if it’s in the alert. | 192.168.1.3 |
| asiml_label | The unique Scenario Name on the parent alert. The policy name on the clustered alerts. | SN00000008 |
| asiml_precision | Percentage of how precise it matches to the ASIML policy. | 89.4736856 |
| asiml_scenario | The BES AlertId of the parent alert | 0006736478 |
| Notes | Full details of all policies which have clustered on the parent alert | 2019-03-08 11:35:45 ASIML: Associated Alert 0006736478:Description:89.4736856% - mcname=ISS text=app2 M Node down |