Axiometica AIR · How it works
Autonomous Incident Resolution (AIR)
How agents ingest, detect, correlate, enrich, decide and remediate — with Slack, PagerDuty and ServiceNow in the loop
Watcher Internal monitoring agent · Brain-and-Senses architecture · deployed per-environment
polling every 10 s
Sentinel (eBPF)
Kernel-level syscall telemetry from the Senses container — detects abnormal process behaviour before it surfaces as a metric
syscall intensityconnection spikeprocess anomaly
System Stats
Container CPU, memory, disk and network metrics polled directly — per-threshold with hysteresis to suppress transient spikes
CPU spikememory surgedisk fullnet connections
Advanced Monitor
Outside-in checks from the watcher itself — HTTP/HTTPS endpoints, Ping, TCP port reachability, TLS expiry countdown, DNS resolution
HTTP healthping / ICMPTLS expiryDNSTCP port
Discovery
Periodically inspects running containers and auto-creates or updates CI nodes in Neo4j CMDB — governance properties are never overwritten
CI auto-createNeo4j syncruntime metadataevery 15 polls
Remediation
Executes runbook steps across platforms and verifies resolution — auto-rolls back if post-execution health checks fail
runbook stepshealth verifyauto rollback
anomaly detected → event emitted to ingestion pipeline
External sources
Prometheus
Splunk
Dynatrace
PagerDuty
Zabbix
ServiceNow CMDB
01
Ingest & Normalize
Events from Watcher or external webhooks normalized and classified into the Axiometica event taxonomy
Ingestion Engine
●
02
Deduplicate
Exact and near-duplicate events collapsed within a configurable sliding time window
Storm Pre-filter
●
03
Storm Detection & Correlation
Related events detected and grouped into a parent incident — triggers ServiceNow INC creation
Correlation Engine
●
04
CMDB Enrichment
Graph traversal identifies CIs, service relationships, blast radius, and ownership
CMDB Agent
●
↓ incident enriched & ready for AI analysis
05
Agentic Analysis
Tier-1 agent selects best-fit runbook, scores risk, and builds the step-by-step plan
Tier-1 Agent
●
06
Policy Gate
Confidence vs. threshold — auto-executes or sends Slack approval request to the team
Policy Broker
●
07
Execute Runbook
Multi-platform step execution — SSH, K8s, AWS, Azure, vCenter — PagerDuty acknowledged
Remediation Agent
●
08
Close & Learn
Resolves incident across ServiceNow + PagerDuty + Slack, feeds outcome to tuning agent
Tuning Agent
●
Auto-execute
Confidence ≥ threshold — runbook runs immediately. Slack notified with progress updates.
Slack approval required
Below threshold — Axiometica posts the plan to Slack with interactive buttons.
A
axiometica-air #ops-approvals
Remediation plan ready for INC-00482
K8s Scale-Out · 3 steps · confidence: 78%
K8s Scale-Out · 3 steps · confidence: 78%
Approve Reject
Integration events & notifications
SN
INC created
After correlation · auto-linked
Slack: started
#ops-incidents · plan summary
Slack: approve?
Manual path · interactive buttons
PD
PD acknowledged
During execution · suppresses pages
SN
INC resolved
Work notes + resolution code
Slack: resolved
MTTR summary + steps
PD
PD resolved
Alert closed, on-call cleared
Stage details
Live trace
Idle
Current incident
— waiting for simulation —
Click "Run incident" to simulate the full lifecycle including Slack and ServiceNow events.