International Business Machines Corporation
MAKING SECURITY RECOMMENDATIONS

Abstract:

Embodiments are disclosed for a method. The method includes determining multiple recommended actions based on a security incident using an action model trained to make recommendations. The method also includes determining multiple similar targets to a target of the security incident using a collaborative filtering model trained to assign a confidence value of similarity between two targets. The method further includes assigning a plurality of weights to the recommended actions based on one or more actions taken by the similar targets and the confidence value, and a success or failure of the recommended actions. Additionally, the method includes generating a prioritized list of the recommended actions that is sorted based on the assigned weights.