LinkEye — Network Intelligence Platform

MISSION CONTROL

Outcomes & Agents

LIVE · streaming Last 24h activity from the LinkEye agent fleet

Incidents resolved

last 24h · agent-led

$2.77M

Risk reduced

annualized · 30 outcomes tracked

47h

Operator time saved

this week · vs manual baseline

99.97%

Fleet availability

8 sites · current

Outages averted

predicted · fixed before user impact

Agent ↔ agent comms live

A2A protocol · shared semantic context · auditable

Global activity 8 sites · 3 with active agent work

active agent work

active drift

investigating

on-intent

The agent fleet

9 specialist agents covering the operator's full job · each shows last-24h work and human-time saved

🩺

RCA Agent

Cause-chain investigator

Traces user-reported symptoms backwards to non-obvious root causes. Owns 12 of the last 24h findings.

12cases owned

14htime saved

⇄

Change Validation Agent

Post-deploy verifier

Triggers automatically when CHG records close. Validates declared intent vs observed reality. Caught 4 silent drifts.

18CHGs validated

9htime saved

🎧

Helpdesk Agent

L1 triage & clustering

Reads incoming tickets, clusters by symptom, escalates to the right specialist. Closed 38 tickets without escalation.

142tickets triaged

11htime saved

⚖

Governance Agent

Policy & SOC2 enforcement

Watches for policy drift, compliance evidence, and audit-trail completeness. Generated this week's SOC2 evidence pack.

3policy drifts caught

6htime saved

🔍

Config Drift Agent

Declared-vs-observed sweeper

Runs continuous diff between LLD intent and running configs. Caught the DSCP re-mark and ECMP hash drifts this week.

6drifts surfaced

8htime saved

📈

Capacity Planning Agent

Forward-looking saturation

Watches utilization trends and predicts breach windows. Flagged 5 predicted-failure findings ahead of impact.

5predictions raised

3outages averted

🛡

Security Posture Agent

Exposure & vulnerability

Cross-references CVE feeds with running OS versions. Tracks shadow-SaaS adoption. Surfaced 2 critical patching gaps.

2CVEs flagged crit

4htime saved

⚙

Patch & Lifecycle Agent

OS, optic, & cert health

Tracks vendor lifecycle, EoL, certificate expiry, and proactive optic replacement. Pre-staged 4 maintenance items.

4items scheduled

5htime saved

📋

Audit Agent

Evidence & attestation

Compiles SOC2 / ISO27001 evidence packs. Reconciles auditor-requested artifacts against the SIAA semantic graph.

1attestation pack

3htime saved

Runtime infrastructure

What keeps the agents safe, persistent, and accountable · click any tile for detail

⛨

Guardrails

Policies every agent must obey. Cannot deploy during freeze windows; cannot bypass change approvals; cannot read PII without scoped tokens.

14active rules

0violations today

⟲

Memory

Short-term context per investigation + long-term lessons. "This fix worked before for similar symptoms." Survives across sessions.

1.4Mtokens in shared ctx

42lessons learned

⊕

Approvals

Anything that writes to production routes through here. Agents propose, humans approve. SLA-tracked, audited, reversible.

3awaiting human

8moldest pending

▤

Audit trail

Every decision, every tool call, every A2A message is recorded. Replayable for post-mortems. SOC2 evidence-ready.

8,420actions logged

100%replayable

Outcome highlights

Notable wins from the last 24h · click any card for the full RCA detail

CHANGE VALIDATION · CRIT

Zoom traffic re-routed by overly broad SD-WAN policy · 240 users restored

CHG-2940 was deployed to "force all internet traffic through inspection" — the policy was too broad and pulled SaaS through an NYC tunnel, costing 104ms of latency. DEX agents flagged the regression 18 min after deploy. Path Tracer confirmed the architectural drift in 6 min. Auto-rollback proposed, approved by NOC, executed.

Detected in 18 min Resolved in 47 min total Risk avoided $194K/yr

CONFIG DRIFT · HIGH

Access-switch template stripped DSCP · 290 IP phones losing WAN priority

A CMDB-cleanup template push silently re-marked DSCP to default on every user port across 12 access switches. Voice still flowed — but lost priority on the WAN. Quality only degraded during busy windows. Config Drift Agent caught it during the daily declared-vs-observed sweep · 7 days later than ideal, but before any user-blocking incident.

Devices affected 12 switches · 480 ports Phones at risk 290 Risk avoided $32K/yr

CAPACITY · HIGH

ECMP hash narrowing collapsed backup flow to one uplink · SLA window blown

CHG-3091 narrowed the port-channel hash from 5-tuple to 3-tuple. The nightly backup is a single (src-IP, dst-IP) flow — under 3-tuple hashing, it deterministically pinned to one physical uplink at 94% while three peers sat at 12%. Stack-average looked healthy. Capacity Planning Agent saw the imbalance during its daily flow-balance sweep.

Window blown 6h → 11h Imbalance 94% / 12% / 12% / 13% Risk avoided $22K/yr

AGENT DETAIL

LINKEYE

SIAA

Semantic Infrastructure Abstraction for AI

The 5-layer engine that turns vendor configs, vendor logs, vendor telemetry, and operator intent into a single semantic model agents can reason over. Every outcome on the previous screen was produced by an agent walking down this stack.

L01

Design Intent

Architect declares what should be true. HLD, LLD, SOPs, tooling stack, IP plans, site criticality — ingested and parsed into structured intent.

→ produces: declared topology, declared service paths, declared SLAs

→

L02

AI Network Bridge

Multi-vendor data plane abstraction. gNMI, NETCONF, SNMP, syslog, sFlow, IPFIX, DEX endpoint telemetry — vendor differences erased, signals normalized.

→ produces: 17 polling sources, ~144k probes/hr, vendor-neutral signals

→

L03

Operational Knowledge

Operational context. ServiceNow tickets, CMDB ownership, Nautobot lifecycle, change records, on-call rosters — the who, what, when, why around every signal.

→ produces: 14 context sources, operational knowledge graph

→

L04

Semantic Layer

The keystone. Three lower graphs fused into one semantic model. Every entity — device, site, service, person, change, incident — viewable across 8 semantic dimensions.

→ produces: 62 entities · 8 dimensions · one queryable model

→

L05

MCP Layer

Tool surface. Exposes 14 MCP tools — query_entity, get_current_state, traverse_dependencies, check_intent_drift, get_blast_radius — that agents (and humans) call to reason over the semantic model.

→ produces: 14 MCP tools, OAuth+mTLS auth, RBAC-scoped access

→

↑

AGENTIC RUNTIME

Agents at work

9 specialist agents consume the MCP tool surface and produce the outcomes you saw on the previous screen. RCA, Change Validation, Helpdesk, Governance, Config Drift, Capacity, Security, Patch & Lifecycle, Audit.

Tap any layer to open it · or close this and return to Mission Control

Knowledge Documents 0 files

📄

High-Level Design

HLD document (PDF, DOCX)

📋

Low-Level Design

LLD document (PDF, DOCX)

📝

SOPs & Runbooks

Operational procedures

Network Data 0 files

🔢

Subnet & IP Plan

CSV, XLSX — subnet definitions

🗺️

Sites Data

Location, criticality, business function

Declared Tooling Stack From architect intent

NMS · Network monitoring

🗺NautobotSoT 🌅SolarWinds 📡LogicMonitor 🧭NetBrain

ITSM · Ticketing

🎫ServiceNowprimary 🎟Freshservice 🗂BMC Remedylegacy

Observability · Automation

📈Datadog 🔔PagerDuty ⚙️Ansible

These tools will be polled by Layer 02. Any divergence between what they declare and what LinkEye observes becomes a drift finding.

Architect Intelligence Chat

AI-guided

Welcome, Architect.
I'm here to help build the onboarding knowledge graph for ABC Corp. Let's start with intent — tell me about the network you've designed. What is it built to support, and what are the most critical sites or services?

Onboarding Knowledge Graph building…

Sites

Services

Subnets

Relations

⬡

Upload documents or chat to build graph

Site Service Business Function Critical Subnet

Polling Engine

Overall collection 0%

Devices

Sources

Metrics/s

Events

Active Collection Tasks

Live Topology Graph Building current state… 0 nodes

📡

Polling initializing…

Healthy Warning Critical External Source

Collection Evolution

Phase 1 — Discovery

SNMP/SSH sweep of all declared subnets. Device inventory established.

Phase 2 — Telemetry Expansion

gNMI streaming enabled on supported devices. NetFlow/IPFIX activated on edge routers.

Phase 3 — Controller Integration

Meraki, Cisco DNA Center APIs polled. Wireless client & AP data ingested.

Phase 4 — Extended Sources

APM, SIEM, DDI integrations activated based on discovered services.

External Integrations

Collection Insights

Awaiting data…

Context Sources12 integrated

ITSM · Ticketing

🎫

ServiceNow

ITSM · Incident & Change

LIVE

Open incidents14

Changes (7d)7

CMDB assets synced312

🔔

PagerDuty

On-call · Escalation

LIVE

Active on-callNOC-Team-2

Open alerts3

MTTA (7d avg)4m 12s

🏗️

Jira

Engineering · Workflow

LIVE

Infra issues open8

Sprint velocity42 pts

🎟️

Freshservice

ITSM · SMB-focused

LIVE

Open tickets31

Auto-resolved (7d)18

🗂️

BMC Remedy

ITSM · Enterprise legacy

SETUP

NMS · Network monitoring

🗺️

Nautobot

NMS · Network source-of-truth

LIVE

Devices in source-of-truth1,840

IP ranges tracked2,210

Bidirectional syncActive

🌅

SolarWinds NPM

NMS · Performance monitoring

LIVE

Monitored nodes1,612

Active alerts23

Polling cadenceSNMP · 30s

📡

LogicMonitor

NMS · SaaS observability

LIVE

Resources monitored2,940

Datapoints/min42k

Anomalies (24h)7

🧭

NetBrain

NMS · Automation + diagnostics

SETUP

📍

Zabbix

NMS · Open-source monitoring

SETUP

Observability · User context

📧

Microsoft 365

User context · Org graph

SETUP

📊

Datadog

APM · Infrastructure

SETUP

Learned Playbooks4 active

BGP Session Drop

Reset peer → verify timer sync → escalate if persists

WAN Circuit Failover

Verify failover path → notify provider → update NOC

High CPU — Core Router

Check process table → ACL drops → engage TAC

Wireless Client Auth Failure

ISE policy check → RADIUS log → AP reassoc

Operational Knowledge Graph 0 nodes

🔗

Loading operational context…

Engineer/Team Incident Pattern Playbook Tool/Platform Device (operational)

Recent IncidentsServiceNow

INC0012458

Core router BGP flap — NYC ↔ Lumen

P1 · 2h ago

INC0012441

Branch WAN circuit degraded (Mumbai)

P2 · 6h ago

INC0012399

DHCP pool exhaustion — VLAN 40

P2 · 1d ago

INC0012388

Wireless auth failure (10 clients)

P3 · 1d ago

INC0012301

NTP drift detected on 3 devices

P3 · 3d ago

Team & Ownership

Rajesh Kumar

Lead Network Engineer · On-call

ONCALL

Sandeep Pillai

NOC Team Lead · EMEA

Anil Mehta

Network Architect · Design owner

Operational Memorylearned

Pattern frequency (90d)

BGP session drops 8×

WAN degradation 5×

Auth failures 3×

L01 · Onboarding Graph · 24 nodes L02 · Telemetry Graph · 16 nodes L03 · Operational Graph · 16 nodes ⟹ TESSERACT · 0 SEMANTIC ENTITIES 0 semantic edges

⬙

One entity · eight dimensions · everything connected

The three lower-layer graphs (declared intent, live telemetry, operational state) are fused into a single semantic model. Each entity — a device, site, service, person — is viewable across 8 dimensions simultaneously. Click any node to see what it was designed to be, what it's doing right now, who owns it, what depends on it, and what's gone wrong before — all in one view. This is what makes agentic reasoning possible.

⌕ ⌘K

CORE-RTR-01 ERP Service HQ Site Rajesh Kumar BGP Flap Pattern BGP Protocol

Semantic Dimensions 8

Tesseract Graph Overall view · all dimensions fused 0 entities

⬙

Initializing semantic fusion across Onboarding, Telemetry, and Operational graphs…

Device Site Service Person/Team Business Fn Click any node to explore across 8 dimensions

Entity — Tesseract View select entity

◇

Search or click any entity in the graph to view it across all 8 semantic dimensions — Design, Telemetry, Operational, Protocol, Dependency, Risk, History, and Business meaning.

Requests / min

Active Consumers

Tools Exposed

42ms

p50 Latency

MCP Tools Exposed 14

MCP Gateway — Live Traffic Semantic Tesseract → Consumers

Live Request Log

0 req/s

Active Consumers 6

Access Governance policy

Authentication OAuth 2.1 + mTLS

Rate limit 100 req/min per client

Audit logging Enabled

PII redaction Enabled

Scope enforcement RBAC + tenant-scoped

Write operations Require approval

◎ Agent Operations 16

⚠ Outcomes & RCA 14

⏱ Network Timeline 42

Active Agents

128

Tasks Completed (24h)

342

A2A Messages (1h)

Pending Approvals

Use-Case Agents Purpose-built 16 agents

LLM Pool Model routing 11 models

Agent Orchestrator Live workflow RUNNING

Agent-to-Agent Communication Live inter-agent traffic

Shared Context Via MCP live

Current Incident

INC-0012458 · P1

BGP session flap · CORE-RTR-01 ↔ ISP-A

Context Shared Across Agents

entity.focus CORE-RTR-01

semantic.dim protocol, risk

blast_radius 47 endpoints

owner Rajesh Kumar

pattern.match BGP-flap-×8

Human Approvals Required

Execute BGP clear neighbor on CORE-RTR-01 — awaiting on-call engineer approval via Slack.

Failure Modes Tracked

Drifts + predicted + historical

Active Risk

Currently affecting production

Predicted

> 60% likelihood in 30d

Auto-fixable

By agent, no human needed

$5.0M

Risk Exposure

Revenue + compliance annualized

All20 Active Drift12 Predicted5 Pattern3

All Critical High Medium

◇

Select a failure mode on the left to see the expected outcome, cause chain, and recommended resolution path.

OUTCOME → CAUSE → FIX

Scope All Sites AMER EMEA APAC Data Centers

Window 24h 7d 30d

Layers Config Changes Drifts Network Pulse Issues

312

Config changes

Active drifts

Pulse anomalies

Correlated issues

4m 12s

Avg MTTD

Network event timeline Last 7 days · all sites

Config change

Drift

Pulse anomaly

Issue / ticket