Skip to main content
This page contains frequently asked questions about DroidAgent and its capabilities. Find answers to common queries about investigations, security, and workflow integration.

How DroidAgent Works

DroidAgent builds company-level intelligence by gathering context from multiple sources during investigations: DroidAgent Architecture - How it builds company-level intelligence during investigations The agent combines real-time context (alerts, issues, ongoing investigations), integration-level context from tools like Coralogix, Grafana, and Kubernetes, plus uploaded documents and runbooks to conduct thorough investigations.

Investigations

DroidAgent has been given context of patterns in your logs. Along with that, it leverages the information of ongoing alerts, any runbooks or documents and its innate knowledge of error debugging and monitoring to try different queries.It can try multiple different queries in case it doesn’t find success with one of them.
Based on the alert, it creates a plan of potential root causes and tries to find evidence to validate/disvalidate each hypothesis.To create the plan, it uses a combination of real-time context (what alerts are going on), what dashboards/integrations exist in context of that alert/service and what documents are accessible.
The agent is using SOTA models with deep understanding of modern day cloud, infrastructure, engineering design principles and SRE practices. Using the combination of this knowledge, and the custom context provided to it, it’s able to decide the commands to run on a cluster.
The agent has been trained to understand the relevance of different time windows in context of an alert (e.g. it can decide to get metrics for a timewindow just before the alert, or for the same timewindow in a previous day/week setup or at the current time to check if the issue is still ongoing).It prioritizes alert_time when it finds context in some document or alert itself.

Data & Agent Security

DroidAgent implements multiple layers of security to protect your data and infrastructure: Agent & Data Security - Security layers and data protection mechanisms The architecture shows how the Agent Engine and Execution Engine work together with safety checks, RBAC, PII scrubbing, and secure key management.
No. For all the integrations, the agent does not have access to keys — it only has access to request specific API executions and the execution engine stores the keys securely in a database.Additionally, there are guardrails in place to avoid agent from running unauthorised state-change or critical commands.
The agent does NOT have access to execute write commands by default. It can be given the access to execute commands with appropriate roll-backs and permissions in place. This can be done run-time or pre-configured based on specific situations as per the team’s context.
DroidAgent implements multiple layers of security including RBAC and access management, PII scrubbing, safety checks, and built-in guardrails to prevent unauthorized operations. The execution engine can be deployed within your VPC for additional security.

Workflow Integration

DroidAgent seamlessly integrates into your existing workflows without requiring changes to your current setup: Works in your workflows - No changes required to existing tools Key benefits include no metrics or logging tool changes, auto-sync with ticketing and on-call tools, RBAC integration, and lightweight configuration.
No metrics or logging tool changes required. DroidAgent auto-syncs with your ticketing and on-call tools, has RBAC and access management integration, and is lightweight and quick to configure.
DroidAgent integrates with Grafana, Coralogix, New Relic, Datadog, PagerDuty, Opsgenie, Slack, Jira, Kubernetes, cloud platforms (AWS, Azure, GCP), and databases.
DroidAgent is lightweight and quick to configure. It works with your existing monitoring infrastructure, auto-discovers your tools, and doesn’t require downtime during installation.
You can upload custom runbooks, configure specific integrations, customize alert routing, and define investigation scope and permissions.
I