Knowledge Discovery Engine (KDE)
Dependency-aware root cause and blast radius reasoning grounded in live relationship structure.
KDE is part of Actionable Observability and runs on the AIM foundation.
Start with AIM to build your asset and dependency model. Then add Actionable Observability to unlock KDE reasoning.
AIM has a free trial. Actionable Observability does not.
KDE evaluation requires Actionable Observability enabled on top of AIM.
What KDE Does
The Knowledge Discovery Engine is the reasoning layer inside Actionable Observability.
KDE Continuously
- Classifies assets and signals so analysis starts in the right context
- Learns normal behavior using adaptive baselines
- Detects anomalies and drift
- Groups related symptoms under a single initiating cause
- Calculates scope and impact across dependencies
- Suggests next steps based on impact and risk, with explainable reasoning
Instead of asking operators to interpret alert floods manually, KDE shows where the issue started and what it touches.
How KDE Works
Inputs
Metrics, logs, traces, and flow data- Cloud, SaaS, and orchestration telemetry
- Security, performance, and availability signals
- Change events such as scaling and configuration updates
Processing
- Normalizes signals to the correct assets
- Builds adaptive baselines from real behavior
- Detects abnormal conditions and drift
- Traverses dependency structure to isolate cause and compute impact
- Groups downstream symptoms under the initiating cause
Outputs
- Identified initiating cause
- Calculated downstream service impact
- Visible dependency path behind each conclusion
- Forward-looking risk indicators (change and dependency risk)
- Clear next-step guidance
Why This Matters in Real Operations
Incident Response
Alert storms often mask the first failure. KDE isolates the initiating cause and shows which services are truly affected.
Proactive Operations
Behavioral drift and degradation trends surface before failure cascades.
Change and Risk Management
Before approving a change, teams can evaluate likely downstream impact based on real dependency structure.
What to Test During Technical Evaluation
Use this checklist to confirm KDE delivers reliable conclusions, not just more signals.
Insight Accuracy
- Confirm anomalies reflect real degradation, not expected behavior
- Validate baselines adapt to daily and seasonal patterns
- Inspect how KDE explains why a condition matters
Root Cause and Impact
- Confirm initiating causes are identified, not just symptoms
- Trace how downstream impact is calculated using dependency context
- Verify alerts are grouped by cause, not by volume
Predictive Capability
- Validate forward-looking insights (trend drift, capacity exhaustion)
- Confirm predictions update as conditions change
- Assess usefulness for planning, not just response
Built on the WanAware Relationship Graph
KDE evaluates signals against the live dependency structure maintained by the Relationship Discovery Engine (RDE).
That structure:
- Stores relationships as a queryable model
- Updates as assets scale, move, or fail over
- Preserves service identity even as infrastructure shifts
- Enables fast upstream and downstream traversal
Without current dependency structure, cause and impact reasoning drifts.
If you need to verify update behavior, traversal depth, and model explainability, review the Relationship Graph Architecture Deep Dive.
Key Terms (Quick Definitions)
Dynamic baseline
Learned “normal” behavior that updates as patterns change
Anomaly
A signal that differs from expected behavior
Drift
Gradual behavioral change that may lead to failure
Initiating cause
The first failure that explains downstream symptoms
Total scope of impact
Everything affected downstream, based on dependencies
Noise suppression
Reducing alert volume by grouping symptoms under a single cause
Frequently Asked Questions
How is KDE different from traditional monitoring?
Traditional monitoring reports conditions and alerts. KDE identifies an initiating cause and calculates downstream impact using the live dependency model, with a visible dependency path behind each conclusion.
Can I trial KDE directly?
Not directly. AIM has a free trial to build your asset and dependency foundation. KDE is part of Actionable Observability, which is an add-on (no trial) enabled on top of AIM.
Does KDE rely only on static thresholds?
No. KDE learns normal operating patterns using adaptive baselines and flags anomalies and drift when behavior changes.
How does KDE reduce alert fatigue?
It groups downstream symptoms under a single initiating cause using dependency paths, so responders can focus on what started the issue and what it affects.
What should I use to evaluate KDE quickly?
Use the Evaluator Test Plan for step-by-step scenarios, and the Evaluation Checklist for consistent scoring across vendors.
