Description:FIELD OF THE INVENTION
[0001] The present invention relates generally to the field of information technology operations and infrastructure management. More specifically, it pertains to a system and a method for alert analysis, risk estimation, and automated incident remediation using Artificial Intelligence (AI).
BACKGROUND FOR THE INVENTION:
[0002] In today’s complex IT environments, organizations face the constant challenge of monitoring extensive infrastructure and applications, which generate a high volume of alerts. These alerts come from various sources including servers, network devices, cloud platforms, and applications, often stored in multiple disparate repositories. The sheer volume and diversity of alerts make manual analysis time-consuming and prone to errors, hindering timely detection and resolution of critical issues.
[0003] Conventional monitoring systems primarily provide raw alert data or rely on simple threshold-based notifications that lack contextual understanding. As a result, IT teams must manually interpret alerts, assess their potential impact on business operations, and prioritize responses. This process is often inefficient and leads to delayed incident handling, increasing the risk of service degradation or downtime.
[0004] Automation of incident remediation has been introduced in some existing solutions; however, these typically rely on static, pre-configured playbooks or scripts requiring manual invocation or complex integrations. Such rigid approaches lack adaptability to dynamic IT environments where alert contexts and system dependencies can vary widely. Consequently, there remains a significant gap in achieving context-aware automation that can respond effectively to diverse and evolving alert scenarios.
[0005] Furthermore, the integration of human oversight with automated systems poses additional challenges. Balancing automation speed with the need for operator review and control is critical to avoid unintended consequences and ensure accurate incident management.
[0006] Therefore, there exists a need for advanced technology capable of analysing large volumes of heterogeneous alerts, estimating their impact with contextual awareness, and providing adaptive and data driven automation recommendations, all within a unified platform that supports seamless human-in-the-loop interaction. Such technology would enable IT teams to respond more proactively and efficiently to infrastructure incidents, ultimately improving operational reliability and minimizing business disruption.
OBJECTS OF THE INVENTION:
[0007] An object of the present invention is to provide a system for analysing IT infrastructure alerts and assisting IT operations teams in efficiently managing and responding to such IT infrastructure alerts.
[0008] Another object of the present invention is to estimate the risk, probability, and potential business impact of IT infrastructure alerts using AI techniques, including large language models and contextual data mapping.
[0009] Another object of the present invention is to recommend suitable remediation actions by dynamically identifying relevant automation workflows based on alert context, historical incident data, and predefined operational playbooks.
[0010] Yet another object of the present invention is to present a unified interface that enables human operators to review AI-generated insights and selectively initiate incident creation or automation workflows.
[0011] Still another object of the present invention is to reduce the manual effort and response time associated with alert triage and remediation in IT infrastructure environments by integrating analysis, automation, and operator oversight into a cohesive platform.
SUMMARY OF THE INVENTION:
[0012] The present invention provides a system for Artificial Intelligence (AI) powered Information Technology (IT) infrastructure alert analysis and automated response. The system includes an alert ingestion module, AI impact analyser module, mapping engine module, agentic automation recommender module, a user interface module. The alert ingestion module may be configured to fetch IT infrastructure alerts from a document-oriented database based on configuration item metadata. Further, the AI impact analyser module includes at least one Large Language Model configured to read and parse incoming IT infrastructure alerts from the document-oriented database, generate natural language summaries of IT infrastructure alerts, and assess impact, risk, and probability scores using dynamically constructed prompts that incorporate real-time configuration item to application mapping obtained from a configuration management data repository
[0013] The mapping engine module may be configured to associate each IT infrastructure alert with relevant business configuration items using dynamic configuration item to application mapping obtained from the configuration management data repository.
[0014] Further, the agentic automation recommender module includes a task orchestration module, a recommendation engine and a vector database. The task orchestration module may be configured to utilize agent-based workflows executed using multi-agent orchestration framework. The recommendation engine may be configured to identify suitable automation procedures for each IT infrastructure alert based on contextual parameters including operating system type, network device, location, alert metadata, temporal patterns from incident history, and predefined automation playbooks. The vector database may be configured to store and retrieve automation options using pattern-based retrieval.
[0015] Additionally, the user interface module includes an interactive interface and a control mechanism. The interactive interface may be configured to present AI-generated natural language summaries, risk assessments, and automation recommendations for user review and approval. A dashboard may be provided to render natural language summaries, risk assessments, and recommended remediation actions for each IT infrastructure alert to a user. The control mechanism may be provided for allowing the user to approve or reject automation recommendations or create incident records and trigger full or partial automation through integrated application programming interfaces, thereby enabling human-in-the-loop supervision of automated remediation workflows.
[0016] In a preferred embodiment, the Large Language Model of the AI impact analyser module is hosted on a cloud-based AI platform to perform natural language processing and impact assessment. In the preferred embodiment, the alert ingestion module retrieves IT infrastructure alerts using dynamic queries with metadata filters applied to a document-oriented database. In the preferred embodiment, the vector database utilizes embedding-based semantic similarity to retrieve contextually relevant automation playbooks.
[0017] In the preferred embodiment, the task orchestration module coordinates agent workflows using a multi-agent orchestration framework supporting asynchronous task execution. In the preferred embodiment, the recommendation engine generates human-readable justifications for proposed remediation actions by referencing historical incident outcomes and contextual metadata.
[0018] In the preferred embodiment, the dashboard of the user interface module is implemented as a web-based interface to provide enhanced observability and user interaction. In the preferred embodiment, the control mechanism interfaces with an external IT Service Management (ITSM) platform via an API to automatically log incidents upon user approval.
[0019] In the preferred embodiment, the configuration item to application mapping is continuously updated in real-time using event-driven synchronization with the configuration management data repository. In the preferred embodiment, the AI impact analyser module assigns business criticality scores to IT infrastructure alerts, which are then used to dynamically group and prioritize the IT infrastructure alerts for downstream processing.
BRIEF DESCRIPTION OF DRAWINGS:
[0020] Fig. 1a and Fig. 1b illustrate a block diagram showing different components of a system performing artificial intelligence powered IT infrastructure alert analysis and automated response, in accordance with an implementation of the present invention.
[0021] Fig. 2 Illustrates a flowchart showing a method of performing AI powered IT infrastructure alert analysis and automated response, in accordance with implementation of the present invention.
DETAILED DESCRIPTION OF DRAWINGS:
[0022] The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments and detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as not to unnecessarily obscure the embodiments herein. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein may be practiced and to further enable those of skill in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
[0023] Some embodiments of this disclosure, illustrating all its features, will now be discussed in detail. The words "enabling”, "establishing", “attaching” and other forms thereof, are intended to be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise. The terms “comprises,” “comprising,” “has,” “having,” “includes” and/or “including” as used herein, specify the presence of stated features, elements, and/or components and the like, but do not preclude the presence or addition of one or more other features, elements, components and/or combinations thereof. The term “an embodiment” is to be read as “at least one embodiment.” The term “another embodiment” is to be read as “at least one other embodiment.” Although any system and methods similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present disclosure, the exemplary system and methods are now described.
[0024] The disclosed embodiments are merely examples of the disclosure, which may be embodied in various forms. Various modifications to the embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. However, one of ordinary skill in the art will readily recognize that the present disclosure is not intended to be limited to the embodiments described but is to be accorded the widest scope consistent with the principles and features described herein.
[0025] FIG. 1 illustrates a block diagram showing different components of a system (100) for performing AI powered IT infrastructure alert analysis and automated response, in accordance with an implementation of the present invention. The system (100) includes a memory (106), a processor (104), and an interface (102). The system (100) may transmit and receive data through the interface (102). The memory (106) may store program instructions to perform several functions for performing IT infrastructure alert analysis and automated response. The program instructions stored in the memory (106) may include program instructions to fetch IT infrastructure alerts (108), program instructions to parse IT infrastructure alerts using a Large Language Model (110), program instructions to generate natural language summaries (112), program instructions to assess impact, risk and probability scores (114), program instructions to identify automation procedures (116), program instructions to execute agent-based workflows (118), and program instructions for human-in-the-loop control (120).
[0026] The program instructions to fetch IT infrastructure alerts (108) may cause the processor (104) to retrieve IT infrastructure alerts from the document-oriented database including but not limited to MongoDB (Tradename). A data fetching technique may be used to fetch the IT infrastructure alerts from the database based on configuration item metadata. The configuration item metadata may be related to operational features and alert metadata associated with the IT infrastructure. The program instructions to parse IT infrastructure alerts using Large Language Model (110) may cause the processor (104) to read and parse incoming IT infrastructure alerts. The program instructions (112) may cause the processor (104) to generate natural language summaries of IT infrastructure alerts for each IT infrastructure alert category. The program instructions (114) may cause the processor (104) to assess impact, risk, and probability scores using dynamically constructed prompts that incorporate real-time configuration item to application mapping obtained from a configuration management data repository. The term “configuration management data repository” refers to “Configuration Management Database (CMDB)” and can be used interchangeably. Further, the term “IT infrastructure alert” and “alert” can be used interchangeably. It may further be noted that the interchangeable use of the terms does not limit the scope of the present invention in any way.
[0027] The program instructions to identify automation procedures (116) may cause the processor (104) to identify suitable automation procedures for each IT infrastructure alert based on contextual parameters including operating system type, network device, location, alert metadata, temporal patterns from incident history, and predefined automation playbooks. The program instructions to execute agent-based workflows (118) may cause the processor (104) to utilize agent-based workflows executed using multi-agent orchestration framework including but not limited to CrewAI (Tradename), through a task orchestration module.
[0028] In various embodiments, the system (100) utilizes agent-based workflows to support automated or semi-automated processing of events, IT infrastructure alerts, or tasks within an information technology environment. An agent-based workflow refers generally to a coordination of discrete software components or agents, each configured to perform one or more defined functions in response to input data or system conditions. The agents may operate independently or in collaboration, and may be responsible for tasks such as data collection, analysis, decision-making, action execution, or communication with external systems.
[0029] The workflow may be orchestrated or managed by a controller or coordination mechanism that determines the order of agent execution, handles data passing between agents, and monitors workflow progress. The agents may be stateless or stateful, and may act based on predefined rules, learned behaviour, or contextual input. The agent-based workflow architecture enables flexibility, modularity, and scalability, and may be implemented in various computing environments, including on-premises systems, cloud platforms, or hybrid infrastructures.
[0030] In some embodiments, the system (100) utilizes a multi-agent orchestration framework to coordinate the execution of tasks performed by multiple autonomous software agents. The multi-agent orchestration framework may be configured to manage the lifecycle of agents, including instantiation, task assignment, communication, and termination. The multi-agent orchestration framework may define a workflow structure or execution graph, where each node represents a specific agent or task, and edges define dependencies or communication pathways between agents. The multi-agent orchestration framework enables agents to operate concurrently or sequentially, depending on task dependencies and execution logic. The multi-agent orchestration framework may also provide mechanisms for monitoring agent status, handling failures, retrying tasks, aggregating outputs, and enforcing execution policies. In some cases, the multi-agent orchestration framework supports dynamic decision-making, allowing the system (100) to adapt the execution flow in response to runtime conditions, alert context, or user input.
[0031] The program instructions for human-in-the-loop control (120) may cause the processor (104) to allow the user to approve or reject automation recommendations or create incident records and trigger full or partial automation through integrated application programming interfaces. The system (100) enables human-in-the-loop supervision of automated remediation workflows.
[0032] FIG. 1b illustrates the high-level architecture of the system (100) for AI powered IT infrastructure alert analysis and automated response. The system (100) comprises three primary layers: a data ingestion layer, a processing and analysis layer, and a presentation and control layer. The data ingestion layer interfaces with multiple alert sources including monitoring tools, log aggregators, and event management systems through the alert ingestion module (126). The multiple alert sources continuously stream IT infrastructure alerts into a document-oriented database, which serves as the primary alert repository. The document-oriented database can include but not limited to MongoDB (Trade Name).
[0033] The processing and analysis layer forms the core intelligence of the system (100). The AI impact analyzer module (128) receives alerts from the document-oriented database and processes them through the Large Language Model (110). The Large Language Model implementation can be executed using various cloud-based AI platforms, including but not limited to Amazon Bedrock Claude 3.5 Sonnet (Tradename). The large model language processes each alert through multiple analytical dimensions: syntactic parsing to extract structured data from unstructured alert text, semantic analysis to understand the contextual meaning and implications, and impact assessment utilizing configuration management data.
[0034] The configuration management data repository (146) serves as a critical knowledge base containing comprehensive information about IT infrastructure components, interdependencies between the infrastructure components, and business service mappings. The configuration management data repository maintains real-time data about configuration items including servers, applications, network devices, and relationships among these configuration items. The real-time data is continuously synchronized with the organization's Configuration Management Database (CMDB) through event-driven updates, ensuring that impact assessments reflect the current infrastructure state.
[0035] FIG. 2 illustrates a flowchart showing a method of performing AI powered IT infrastructure alert analysis and automated response, in accordance with an implementation of the present disclosure. In one implementation, the method may be performed using the system (100). At step 202, a plurality of IT infrastructure alerts may be fetched from a document-oriented database based on configuration item metadata using an alert ingestion module. For example, when the system (100) may be initially deployed, alerts may be fetched from multiple IT infrastructure sources including network devices, servers, applications, and security systems.
[0036] At step 204, the one or more data models may be executed to parse the alerts and generate natural language summaries using at least one Large Language Model (110). The data models may be trained using a suitable machine learning technique. For example, deep learning techniques like Convolutional Neural Networks (CNNs), Long Short-Term Memory Networks (LSTMs), Recurrent Neural Networks (RNNs), Generative Adversarial Networks (GANs), Radial Basis Function Networks (RBFNs), Multilayer Perceptrons (MLPs), Self-Organizing Maps (SOMs), Deep Belief Networks (DBNs), Restricted Boltzmann Machines (RBMs), and/or autoencoders may be used.
[0037] At step 206, impact, risk, and probability scores are assessed using dynamically constructed prompts that incorporate real-time configuration item to application mapping obtained from a configuration management data repository. The predicted scores for each alert category may be determined based on the analysis of the Large Language Model. A difference between the predicted impact scores and baseline thresholds may be determined. The difference between the predicted impact scores and baseline thresholds would indicate whether the impact of an alert requires immediate attention or can be deferred for later action. The impact scores may be associated with different network segments, business applications, or critical infrastructure components.
[0038] At step 208, each IT infrastructure alert may be associated with relevant business configuration items using dynamic configuration item to application mapping obtained from the configuration management data repository. The plurality of alerts may be clustered using a data clustering technique. Clustering performed by the data clustering technique denotes grouping the plurality of alerts into different categories based on similarity in types of alerts, impact scores, or affected business services. Further, based on the alert clustering, different remediation procedures may be identified for each cluster.
[0039] At step 210, suitable automation procedures are identified for each alert based on contextual parameters. Such parameters may include operating system type, network device, location, alert metadata, temporal patterns from incident history, and predefined automation playbooks. The recommendation engine (138) may utilize one or more of these parameters to identify the most appropriate automation procedure for each alert category. The automation procedures may be stored in a vector database (140), including but not limited to ChromaDB (Tradename), configured to store and retrieve automation options using pattern-based retrieval. The pattern-based retrieval can include but not limited to semantic similarity matching.
[0040] At step 212, AI-generated natural language summaries, risk assessments, and automation recommendations are presented for user review and approval through an interactive interface (142) built using a framework including but not limited to Streamlit (Tradename). The interactive interface component of the user interface module (134) renders natural language summaries, risk assessments, and recommended remediation actions for each IT infrastructure alert to a user.
[0041] At step 214, the system presents automation recommendations for each alert. The control mechanism (144) allows the user to approve or reject automation recommendations. If the user approves (Yes branch), at step 218, full automation may be executed via integrated APIs including but not limited to RESTful (Tradename) APIs, to trigger automated remediation workflows. The system (100) may automatically interface with an external IT Service Management (ITSM) platform via an API to log incidents upon user approval.
[0042] If the user rejects the automation recommendation (No branch), at step 216, an incident record is created or partial automation with human oversight may be triggered. The control mechanism enables human-in-the-loop supervision of automated remediation workflows, ensuring that critical decisions remain under human control while routine tasks are automated. The method enables continuous learning through feedback loops, where the outcomes of both automated and manual interventions are used to improve future recommendations. The process then converges to Stop, completing the alert analysis and response cycle.
[0043] An advantage of the present invention is that automated risk, impact, and probability scoring of infrastructure alerts using dynamically constructed prompts and real-time configuration item-to-application mapping from a configuration management data repository is enabled. Another advantage of the present invention is that an AI-powered system for analysing IT infrastructure alerts by leveraging large language models and contextual configuration data is provided, thereby assisting IT operations teams in efficiently managing alert triage and response activities. Yet another advantage of the present invention is that semantic similarity matching via a vector database is used to recommend contextually relevant automation workflows based on historical incidents, alert metadata, and operational parameters. Another advantage of the present invention is that human-in-the-loop supervision, enabling operators to review AI-generated summaries and selectively approve, reject, or escalate remediation actions via an intuitive interface is allowed. Still another advantage of the present invention is that manual effort and response time is significantly reduced by automating repetitive decision-making tasks, clustering alerts, prioritizing by business criticality, and initiating remediation via integrated APIs.
[0044] Another advantage of the present invention is that continuous learning is supported by capturing the outcomes of both automated and human-approved actions and this feedback is used to improve future recommendations and refine prompts for the AI models. An additional advantage of the present invention is that a modular and scalable architecture with agent-based orchestration frameworks is provided thereby coordinating specialized agents for pattern recognition, compatibility assessment, and confidence scoring. Further advantage of the present invention is that real-time synchronization with a configuration management data repository is supported, thereby ensuring that all impact assessments and recommendations are based on the current state of the IT infrastructure. Another advantage of the present invention is that an interactive interface is offered, which consolidates alert analysis, remediation recommendations, and operator controls into a single platform for enhanced observability and control.
[0045] An implementation of the disclosure may be an article of manufacture in which a machine-readable medium (such as microelectronic memory) has stored thereon instructions which program one or more data processing components (generically referred to here as a "processor") to perform the operations described above. In other implementations, some of these operations might be performed by specific hardware components that contain hardwired logic (e.g., dedicated digital filter blocks and state machines). Those operations might alternatively be performed by any combination of programmed data processing components and fixed hardwired circuit components.
[0046] A non-transitory computer-readable storage medium includes program instructions to implement various operations embodied by a computing device such as a laptop, desktop, or a server. The medium may also include, alone or in combination with the program instructions, data files, data structures, and the like. The medium and program instructions may be those specially designed and constructed for the purposes, or they may be of the kind well-known and available to those having skill in the computer software arts. Examples of non-transitory computer-readable storage medium include magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as Compact Disc Read-Only Memory (CD-ROM) disks and Digital Video Disc (DVD); magneto-optical media such as floptical disks; and hardware devices that are configured to store and perform program instructions, such as Read Only Memory (ROM), Random Access Memory (RAM), flash memory, and the like. Examples of program instructions include both machine code, such as produced by a compiler, and files containing higher level code that may be executed by the computer using an interpreter. The described hardware devices may be configured to act as one or more software modules in order to perform the operations of the above-described implementations.
[0047] Modules as used herein, such as alert ingestion module (126), AI impact analyser module (128), mapping engine module (130), agentic automation recommender module (132), and user interface module (134) are intended to encompass any collection or set of program instructions executable over network cloud so as to perform required tasks by the software. The modules may be stored in memory. The term “software” as used herein is intended to encompass such instructions stored in storage medium such as RAM, a hard disk, optical disk, or so forth, and is also intended to encompass so-called “firmware” that is software stored on a ROM or so forth. Such software may be organized in various ways, and may include software components organized as libraries, Internet-based programs stored on a remote server or so forth, source code, interpretive code, object code, directly executable code, and so forth. It is contemplated that the software may invoke system-level code or calls to other software residing on server or other location to perform certain functions.
[0048] Any combination of the above features and functionalities may be used in accordance with one or more implementations. In the foregoing specification, implementations have been described with reference to numerous specific details that may vary from implementation to implementation. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.
[0049] An interface may be used to provide input or fetch output from the server. The interface may be implemented as a Command Line Interface (CLI), Graphical User Interface (GUI). Further, Application Programming Interfaces (APIs) may also be used for remotely interacting with the server.
[0050] A processor may include one or more general purpose processors (e.g., INTEL® or Advanced Micro Devices® (AMD) microprocessors or Raspberry Pi® controller) and/or one or more special purpose processors (e.g., digital signal processors or Xilinx® System On Chip (SOC) Field Programmable Gate Array (FPGA) processor), MIPS/ARM-class processor, a microprocessor, a digital signal processor, an application specific integrated circuit, a microcontroller, a state machine, or any type of programmable logic array. In some embodiments, the processor may further include graphics processing units (GPUs), tensor processing units (TPUs), neural processing units (NPUs), RISC-V processors, quantum processors, or virtual CPUs (vCPUs) provisioned in a cloud computing environment.
[0051] A memory may include, but is not limited to, one or more non-transitory machine-readable storage devices such as hard drives, magnetic tape, floppy diskettes, optical disks, Compact Disc Read-Only Memories (CD-ROMs), and magneto-optical disks, semiconductor memories, such as ROMs, Random Access Memories (RAMs), Programmable Read-Only Memories (PROMs), Erasable PROMs (EPROMs), Electrically Erasable PROMs (EEPROMs), flash memory, solid-state drives (SSDs), Non-Volatile Memory Express (NVMe) devices, persistent memory (PMEM), storage-class memory (SCM), or in-memory storage systems, magnetic or optical cards. In some embodiments, the memory may include virtual memory or cloud-based storage volumes, or distributed memory systems accessed over a network. Other types of media/machine-readable medium suitable for storing electronic instructions may also be used.
[0052] The terms “or” and “and/or” as used herein are to be interpreted as inclusive or meaning any one or any combination. Therefore, “A, B or C” or “A, B and/or C” mean “any of the following: A; B; C; A and B; A and C; B and C; A, B and C.” An exception to this definition will occur only when a combination of elements, functions, steps or acts are in some way inherently mutually exclusive.
[0053] Any combination of the above features and functionalities may be used in accordance with one or more embodiments. In the foregoing specification, embodiments have been described with reference to numerous specific details that may vary from implementation to implementation. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense. The sole and exclusive indicator of the scope of the invention, and what is intended by the applicants to be the scope of the invention, is the literal and equivalent scope of the set as claimed in claims that issue from this application, in the specific form in which such claims issue, including any subsequent correction.
[0054] All third-party trademarks, service marks, and trade names referenced in this specification are the property of their respective owners and are used solely for descriptive and identification purposes to identify compatible systems and services. Such use does not imply endorsement, affiliation, or sponsorship by the trademark owners, and all trademark rights are acknowledged.
[0055] In the above description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present systems and methods. It will be apparent the systems and methods may be practiced without these specific details. Reference in the specification to “an example” or similar language means that a particular feature, structure, or characteristic described in connection with that example is included as described but may not be included in other examples.
[0056] The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily configure and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the embodiments as described herein. , Claims:CLAIMS
I/We Claim:
1. A system (100) for Artificial Intelligence (AI) powered Information Technology (IT) infrastructure alert analysis and automated response, the system comprising:
an alert ingestion module (126) configured to fetch IT infrastructure alerts from a document-oriented database based on configuration item metadata;
an AI impact analyser module (128) comprising at least one Large Language Model (110) configured to:
read and parse incoming IT infrastructure alerts from the document-oriented database;
generate natural language summaries of IT infrastructure alerts;
assess impact, risk, and probability scores using dynamically constructed prompts that incorporate real-time configuration item to application mapping obtained from a configuration management data repository;
a mapping engine module (130) configured to associate each IT infrastructure alert with relevant business configuration items using dynamic configuration item to application mapping obtained from the configuration management data repository;
an agentic automation recommender module (132) comprising:
a task orchestration module (136) configured to utilize agent-based workflows executed using multi-agent orchestration framework;
a recommendation engine (138) configured to identify suitable automation procedures for each IT infrastructure alert based on contextual parameters including operating system type, network device, location, alert metadata, temporal patterns from incident history, and predefined automation playbooks;
a vector database (140) configured to store and retrieve automation options using pattern-based retrieval;
a user interface module (134) comprising:
an interactive interface (142) configured to display IT infrastructure alerts with natural language summaries, risk assessments, and automation recommendations;
a control mechanism (144) allowing the user to approve or reject automation recommendations or create incident records and trigger full or partial automation through integrated application programming interfaces, wherein the system (100) enables human-in-the-loop supervision of automated remediation workflows.
2. The system (100) as claimed in claim 1, wherein the Large Language Model (110) of the AI impact analyser module (128) is hosted on a cloud-based AI platform to perform natural language processing and impact assessment.
3. The system (100) of claim 1, wherein the alert ingestion module (126) retrieves IT infrastructure alerts using dynamic queries with metadata filters applied to a document-oriented database.
4. The system (100) as claimed in claim 1, wherein the vector database utilizes embedding-based semantic similarity to retrieve contextually relevant automation playbooks.
5. The system (100) as claimed in claim 1, wherein the task orchestration module (136) coordinates agent workflows using a multi-agent orchestration framework supporting asynchronous task execution.
6. The system (100) as claimed in claim 1, wherein the recommendation engine (138) generates human-readable justifications for proposed remediation actions by referencing historical incident outcomes and contextual metadata.
7. The system (100) as claimed in claim 1, wherein the interactive interface (142) is implemented as a web-based interface to provide enhanced observability and user interaction.
8. The system (100) as claimed in claim 1, wherein the control mechanism interfaces with an external IT Service Management (ITSM) platform via an API to automatically log incidents upon user approval.
9. The system (100) as claimed in claim 1, wherein the configuration item to application mapping is continuously updated in real-time using event-driven synchronization with the configuration management data repository.
10. The system (100) as claimed in claim 1, wherein the AI impact analyser module (128) assigns business criticality scores to IT infrastructure alerts, which are then used to dynamically group and prioritize the IT infrastructure alerts for downstream processing.
11. A method for Artificial Intelligence (AI) powered Information Technology (IT) infrastructure alert analysis and automated response, the method comprising:
fetching (202) IT infrastructure alerts from a document-oriented database based on configuration item metadata using an alert ingestion module (126);
reading and parsing (204) incoming IT infrastructure alerts from the document-oriented database using at least one Large Language Model (110);
generating natural language summaries of IT infrastructure alerts;
assessing (206) impact, risk, and probability scores using dynamically constructed prompts that incorporate real-time configuration item to application mapping obtained from a configuration management data repository;
associating (208) each IT infrastructure alert with relevant business configuration items using dynamic configuration item to application mapping obtained from the configuration management data repository;
utilizing agent-based workflows executed using multi-agent orchestration framework through a task orchestration module (136);
identifying (210) suitable automation procedures for each IT infrastructure alert based on contextual parameters including operating system type, network device, location, alert metadata, temporal patterns from incident history, and predefined automation playbooks;
storing and retrieving automation options using pattern-based retrieval in a vector database (140);
displaying (212) IT infrastructure alerts with natural language summaries, risk assessments, and automation recommendations through an interactive interface (142);
allowing the user to approve or reject automation recommendations or create incident records and trigger full or partial automation through integrated application programming interfaces, wherein the method enables human-in-the-loop supervision of automated remediation workflows.
12. The method as claimed in claim 11, wherein identifying suitable automation procedures comprises generating human-readable justifications for proposed remediation actions by referencing historical incident outcomes and contextual metadata.
13. The method as claimed in claim 11, comprising interfacing with an external IT Service Management (ITSM) platform via an API to automatically log incidents upon user approval.
14. The method as claimed in claim 11, comprising assigning business criticality scores to IT infrastructure alerts using the AI impact analyser module (128), and dynamically grouping and prioritizing the IT infrastructure alerts for downstream processing based on the assigned business criticality scores.
Dated this 26th day of September, 2025

BALIP AMIT ABASAHEB [IN/PA-5184]