Skip to main content

AI Use Cases - KillIT v3 Implemented Features

Version: 3.6.6 Last Updated: October 29, 2024 Status: Production Ready

Overview

KillIT v3 integrates AI capabilities through AWS Claude (via Bedrock) and OpenAI to provide intelligent infrastructure management. This document outlines the actual implemented use cases currently in production.

Table of Contents

  1. Business Service Analyzer
  2. CI Insights Generation
  3. AI Relationship Discovery
  4. Change Risk Analysis
  5. AI Chatbot with Function Calling
  6. Event AI Analysis
  7. Holiday Generator
  8. Embedding-Based Search
  9. Scan Data Enrichment
  10. Software Catalog Enrichment

1. Business Service Analyzer

What It Does

The Business Service Analyzer uses AI to automatically discover, classify, and analyze business services within your IT infrastructure through a four-stage process:

  1. Enrichment: Analyzes service descriptions and suggests related software, processes, ports, and search patterns
  2. Discovery: Identifies infrastructure components based on patterns and network analysis
  3. Classification: Classifies discovered servers by role and tier (frontend, application, data, infrastructure)
  4. Insights: Generates comprehensive architecture analysis including dependencies, risks, and recommendations

API Endpoints

POST /api/business-service-analyzer/enrich
POST /api/business-service-analyzer/discover
POST /api/business-service-analyzer/classify
POST /api/business-service-analyzer/insights
POST /api/business-service-analyzer/save
POST /api/business-service-analyzer/infrastructure-analysis
GET  /sse/business-service-analyzer/infrastructure-analysis/progress/:sessionId

How to Use

Scenario: Discovering an e-commerce platform's architecture

  1. Describe the service: "E-commerce platform handling online product sales, customer management, and payment processing"
  2. Select known software: Apache, MySQL, Redis, Java application servers
  3. AI enriches: Suggests additional processes (web servers, cache, load balancers), ports (443, 3306, 6379)
  4. System discovers: Scans and identifies 8 servers, 47 connections
  5. AI classifies: 2 frontend servers, 3 app servers, 2 database servers, 1 cache server
  6. AI analyzes: Identifies single points of failure, suggests redundancy improvements
  7. Save service: Stores complete service definition for future reference

Business Value

  • Time Savings: Reduce infrastructure documentation from weeks to hours
  • Risk Reduction: Identify architectural weaknesses and single points of failure
  • Compliance: Generate documentation for audits and compliance requirements
  • Optimization: AI-driven recommendations for redundancy, scalability, and performance

AI Models Used

  • Claude Haiku 4.5: Enrichment and discovery (fast, cost-effective)
  • Claude Sonnet 4.5: Classification and insights (more detailed analysis)

Code Location

/backend/services/businessServiceAnalyzer/
├── enrichmentService.js          # Service enrichment with AI
├── classificationService.js       # Server role/tier classification
├── insightsService.js            # Architecture analysis
└── infrastructureAnalysisService.js  # Full infrastructure discovery

2. CI Insights Generation

What It Does

Generates AI-powered insights about Configuration Items (CIs) - servers, software, applications, and network devices. For each CI, the system analyzes properties and relationships to provide understanding of:

  • Purpose: What the CI does in the organization
  • Criticality: How important it is to business operations
  • Dependencies: What depends on it and what it depends on
  • Risks: Potential vulnerabilities or issues
  • Optimization: Recommendations for improvement

API Endpoints

GET  /api/cmdb-ai/insights/:ciId
POST /api/cmdb-ai/insights/:ciId           # Generate and store
GET  /api/cmdb-ai/insights/:ciId/history   # View history

How to Use

Scenario: Quick understanding of a production database server

  1. Click "AI Insights" on a CI record
  2. System analyzes: Type, status, criticality, relationships, recent changes
  3. AI generates insights explaining its role, criticality, connected systems
  4. Results stored in MongoDB (ciAiInsights collection)

Business Value

  • Faster Decision Making: Understand CI purpose without deep investigation
  • Context: Impact analysis and change management decisions
  • Historical Tracking: View how understanding of a CI has changed over time
  • Onboarding: New staff understand system architecture faster

Code Location

/backend/
├── services/scanProcessors/ciai_insights.js
├── controllers/cmdb-ai-controller.js
└── routes/cmdb-ai.js

3. AI Relationship Discovery

What It Does

Automatically discovers and creates relationships between CIs based on network communication patterns. When system scans detect network traffic between systems, AI analyzes these connections to infer logical relationships (depends-on, hosts, communicates-with, etc.).

API Endpoints

POST /api/cmdb/ai-relationships/analyze/:ciId           # Analyze new relationships
POST /api/cmdb/ai-relationships/analyze-existing/:ciId  # Analyze existing
POST /api/cmdb/ai-relationships                         # Create relationship
PUT  /api/cmdb/ai-relationships/:id                     # Update
GET  /api/cmdb/ai-relationships                         # List
DELETE /api/cmdb/ai-relationships/:id                   # Delete

How to Use

Scenario: Understanding database server dependencies

  1. Raw scan data shows Network connections from multiple servers to database
  2. AI analyzes: Protocols, ports, source processes
  3. For each connection, AI determines:
    • Relationship type (application uses database, backup agent connects, etc.)
    • Confidence score (0.0 - 1.0)
    • Explanation of the relationship
  4. Creates CMDB relationships with confidence scores

Business Value

  • CMDB Completeness: Reduce manual relationship mapping by 70%+
  • Dependency Discovery: Find undocumented connections automatically
  • Change Impact: Better understand what breaks if a system goes down
  • Automated Accuracy: Confidence scores help prioritize validation

Relationship Types Generated

  • depends-on: Application requires service
  • hosts: Virtual host on physical server
  • communicates-with: Network communication detected
  • backup-of: Backup relationship
  • replicates-to: Data replication
  • aggregates-to: Monitoring/collection relationships

Code Location

/backend/
├── services/scanProcessors/ciairelation_processor.js
├── controllers/ciairelationshipcontroller.js
└── routes/cmdb.js

4. Change Risk Analysis

What It Does

Analyzes proposed changes for risk, impact, and provides AI-driven recommendations. Before implementing a change, the system evaluates:

  • Dependent systems that could be affected
  • Upstream dependencies that could impact the change
  • Historical similar incidents
  • Risk level and mitigation strategies
  • Optimal timing for the change

API Endpoints

POST /api/change-analysis/analyze           # Full analysis
POST /api/change-analysis/quick-assess      # Fast assessment
POST /api/change-analysis/compare           # Compare scenarios

How to Use

Scenario: Planning a database server update

  1. Initiate change analysis with: Server details, change type (patch, upgrade, reboot), planned timing
  2. System identifies: 3 applications, 2 batch jobs, 1 reporting system dependent
  3. AI analyzes: Each dependent, their criticality, recent incidents
  4. System generates: Risk score (1-10), impact summary, mitigation steps
  5. Recommendation: Perform change on Sunday 2 AM when load is minimal

Business Value

  • Risk Reduction: Reduce change-related incidents by 40-60%
  • Faster Approvals: Data-driven risk assessment speeds change boards
  • Confidence: Understand exactly what could break
  • Compliance: Documented change justification for audits

Code Location

/backend/
├── services/ai/changeRiskAnalysisService.js
└── controllers/changeAnalysisController.js

5. AI Chatbot with Function Calling

What It Does

A conversational AI chatbot that understands natural language questions about your infrastructure and executes specific functions to retrieve and analyze data. Uses Claude's function calling to:

  • Query CMDB by CI name or type
  • Search relationships between systems
  • Analyze analytics and metrics
  • Search events and incidents
  • Provide context-aware assistance

API Endpoints

POST /api/chatbot    # Send message with multi-turn conversation support

How to Use

Example Conversation:

User: "Show me all production databases"
Bot: [Calls tool: search-cis with filter for databases in production]
Bot: "I found 4 production databases: MySQL-01, Oracle-02, PostgreSQL-01, MongoDB-01"

User: "What applications use the MySQL database?"
Bot: [Calls tool: search-relationships for CIs that depend on MySQL-01]
Bot: "Three applications use MySQL-01: Order System, Inventory Manager, and Customer Portal"

User: "Have we had any incidents with these systems recently?"
Bot: [Calls tool: search-events for recent incidents on these CIs]
Bot: "Yes, Order System had a database connection timeout 2 days ago..."

Available Functions

  1. search-cis: Find CIs by name, type, or status
  2. get-ci-details: Retrieve full CI details and relationships
  3. search-relationships: Find CIs with specific relationships
  4. analytics-query: Get metrics, costs, incident trends
  5. search-events: Find recent incidents and events
  6. get-context: Get current page/CI context

Business Value

  • Democratized Access: Non-technical users query infrastructure via natural language
  • Training Reduction: No need to learn complex search syntax
  • Speed: Get answers in seconds instead of minutes
  • Context Awareness: Bot understands conversation history

AI Model

  • Claude 3.7 Sonnet: Latest model for superior function calling
  • EU Inference Profile: European region deployment for data residency

Code Location

/backend/
├── services/ai/aiChatbot.js
├── services/ai/aiChatbotTools.js
└── routes/aiChatbot.js

6. Event AI Analysis

What It Does

Automatically analyzes events and incidents for anomalies and root causes. When events are ingested, background workers:

  1. Extract context (event details, affected CIs, related events)
  2. Analyze patterns and historical data
  3. Generate anomaly score (0-1 indicating how unusual)
  4. Provide root cause hypothesis
  5. Suggest remediation actions

API Endpoints

Background job via event ingestion (automatic processing)

How to Use

Scenario: Database connection pool exhaustion event

  1. Event arrives: "PostgreSQL database - connection pool at 95%"
  2. System analyzes: CI type, recent events, related processes
  3. AI generates:
    • Anomaly Score: 0.87 (very unusual)
    • Root Cause: "3x normal connection requests from web tier, possible connection leak"
    • Related Events: Found 4 similar events in past year
    • Recommended Action: "Check web application logs for hung connections"

Business Value

  • MTTR Reduction: Faster incident resolution with root cause guidance
  • Pattern Recognition: Identify recurring issues automatically
  • Automation: Feed results to incident management systems
  • Learning: Improve accuracy over time with feedback

Code Location

/backend/workers/eventAIAnalysisWorker.js

7. Holiday Generator

What It Does

Uses AI to generate accurate holiday calendars for any country and year, including:

  • Fixed holidays (New Year's Day, Christmas, etc.)
  • Floating holidays (Ramadan, Eid, Easter, etc.)
  • Regional holidays
  • Professional holidays

Used for maintenance scheduling, SLA calculations, and availability planning.

API Endpoints

POST /api/ai/holiday-generator   # Generate holidays for country/year

How to Use

Example:

POST /api/ai/holiday-generator
{
  "country": "Turkey",
  "year": 2025,
  "includeRegional": true
}

Response:

{
  "country": "Turkey",
  "year": 2025,
  "holidays": [
    { "date": "2025-01-01", "name": "New Year's Day", "type": "fixed" },
    { "date": "2025-04-23", "name": "National Sovereignty Day", "type": "fixed" },
    { "date": "2025-04-30", "name": "Ramadan Feast (Estimated)", "type": "floating" },
    ...
  ]
}

Business Value

  • Accurate Calendars: Multi-country holiday support without manual maintenance
  • Maintenance Planning: Schedule maintenance outside holidays for compliance
  • SLA Calculations: Exclude holidays from availability targets
  • Global Operations: Support for international teams and regions

AI Model

  • OpenAI GPT: Primary model (if OPENAI_API_KEY configured)
  • Fallback: Predefined holiday database if AI unavailable

Code Location

/backend/
├── services/ai-holiday-generator.service.js
├── controllers/ai-holiday-generator.controller.js
└── routes/ai-holiday-generator.route.js

What It Does

Generates vector embeddings for CIs and relationships, enabling semantic similarity searches. These embeddings power:

  • Semantic CMDB search (find similar systems without exact keywords)
  • RAG (Retrieval-Augmented Generation) for context-aware responses
  • Knowledge base integration
  • Pattern matching and anomaly detection

API Endpoints

POST /api/cmdb-ai/embeddings       # Generate embeddings
Various RAG-powered search endpoints

How to Use

Scenario: Finding systems similar to a known problematic server

  1. User describes: "Looking for systems similar to our MySQL production server"
  2. System embeds the description and queries
  3. Vector search finds CIs with similar characteristics
  4. Results ranked by relevance score
  5. Helps identify systems that might have similar issues

Business Value

  • Semantic Search: Find systems without knowing exact names
  • Knowledge Integration: Connect CMDB with documentation
  • Pattern Matching: Identify similar problems across systems
  • Better Insights: Use embeddings in analytics and reporting

AI Model

  • AWS Bedrock Embeddings: Efficient, scalable vector generation

Code Location

/backend/
├── services/ai/embedding-service.js
├── services/ai/rag-service.js
└── controllers/cmdb-ai-controller-fix.js

9. Scan Data Enrichment

What It Does

Automatically enriches raw scan data (from WMI, SNMP, network monitoring tools) with AI-generated insights:

  • Infers CI purpose from process names, software, ports
  • Identifies CI roles (web server, database, load balancer, etc.)
  • Detects unusual configurations or security issues
  • Generates business context from technical data

How It Works

  1. Raw scan data arrives (processes, installed software, network connections)
  2. System extracts structured data
  3. AI analyzes and generates insights
  4. Enriched data stored in CMDB with confidence scores

Business Value

  • Automation: Reduce manual CMDB data entry by 70%
  • Consistency: All scans enriched with same logic
  • Timeliness: Insights generated immediately after scan
  • Completeness: Capture information scanners miss

Code Location

/backend/services/scanProcessors/fixed_extraction.js

10. Software Catalog Enrichment

What It Does

Uses AI to suggest and enrich software catalog entries with additional metadata:

  • Vendor information
  • License type and compliance
  • Support status and EOL dates
  • Common vulnerabilities
  • Related software recommendations
  • Industry classifications

API Endpoints

POST /api/cmdb-settings/software-catalog/enrich-ai   # Enrich entries

How to Use

  1. Catalog administrator imports software list
  2. Click "AI Enrich" on catalog
  3. System generates:
    • Vendor and version information
    • License recommendations
    • Compliance status
    • Vulnerability associations
    • Related software suggestions
  4. Admin reviews and approves/modifies suggestions

Business Value

  • Faster Catalog Setup: Reduce manual data entry 80%
  • Consistency: All entries enriched with same standards
  • Compliance: Auto-detect license and support requirements
  • Security: Flag software with known vulnerabilities

Code Location

/backend/routes/cmdbSettings.js

AI Infrastructure & Monitoring

Token Usage Tracking

KillIT v3 tracks all AI usage for:

  • Billing: Cost attribution per customer/tenant
  • Optimization: Identify high-usage operations
  • Monitoring: Track API performance and errors
  • Reporting: Usage dashboards and analytics

Storage: MongoDB collection aiUsageMetrics

Monitoring Endpoints

GET /api/monitoring/ai        # AI metrics dashboard

Shows:

  • Tokens used by service/endpoint
  • Cost by customer/tenant
  • Model performance metrics
  • Error rates and latencies

Claude Service Configuration

File: /backend/services/ai/claude-service.js

Available Models:

  • eu.anthropic.claude-haiku-4-5-20251001-v1:0 (Fast, cost-effective)
  • eu.anthropic.claude-sonnet-4-5-20250929-v1:0 (Latest, highest quality)
  • anthropic.claude-3-haiku-20240307-v1:0 (Fallback)
  • anthropic.claude-3-5-sonnet-20241022-v2:0 (Standard)

Rate Limiting:

  • 100 requests/minute (safety margin)
  • 4000 token context window (configurable)
  • 3 automatic retries with exponential backoff

Data Isolation:

  • All calls include tenant/customer context
  • Per-tenant metrics tracking
  • Isolated search results and knowledge bases

Environment Variables

# Claude/Bedrock Configuration
CLAUDE_MODEL=eu.anthropic.claude-haiku-4-5-20251001-v1:0
CLAUDE_MAX_TOKENS=4000
CLAUDE_TEMPERATURE=0.7
AWS_REGION=eu-central-1

# OpenAI (Optional, for holiday generator)
OPENAI_API_KEY=<your-key>
OPENAI_MODEL=gpt-3.5-turbo

# AWS Credentials
AWS_ACCESS_KEY_ID=<your-key>
AWS_SECRET_ACCESS_KEY=<your-secret>

AI Use Case Summary Table

Use CaseServiceTriggerTime SavedPrimary Benefit
Business Service DiscoveryClaude SonnetUser-initiatedHours → minutesAutomated infrastructure mapping
CI InsightsClaude HaikuOn-demandMinutes → secondsFast CI understanding
Relationship DiscoveryClaude HaikuDuring scansDays → automaticDependency mapping automation
Change Risk AnalysisClaude SonnetUser-initiatedHours → minutesData-driven risk assessment
AI ChatbotClaude Sonnet 3.7User queryMinutes → secondsNatural language access
Event AnalysisClaude HaikuAuto-triggeredHours → secondsRoot cause identification
Holiday GeneratorOpenAI/ClaudeOn-demandDays → secondsCalendar automation
Embedding SearchBedrockQuery timeMinutes → secondsSemantic discovery
Scan EnrichmentClaude HaikuAuto-processingDays → automaticData enrichment automation
Catalog EnrichmentClaude SonnetOn-demandHours → minutesMetadata automation

Performance & Costs

Estimated Monthly Usage

For typical enterprise (1000 CIs, 500 relationships, 10000 events):

  • Business Service Analysis: ~50 queries → ~2M tokens
  • CI Insights: ~100 queries → ~500K tokens
  • Relationship Discovery: ~500 relationships → ~1M tokens
  • Chatbot: ~200 conversations → ~500K tokens
  • Event Analysis: ~500 events → ~250K tokens
  • Total: ~4.25M tokens/month

Cost Examples

Using Claude Haiku (Fast operations):

  • Input: $0.80 per M tokens
  • Output: $4.00 per M tokens
  • Estimated monthly: $20-30

Using Claude Sonnet (Complex operations):

  • Input: $3.00 per M tokens
  • Output: $15.00 per M tokens
  • Estimated monthly: $75-100

Security & Compliance

Data Handling

  • No External Storage: AI requests/responses not stored externally
  • Encryption: All API calls over HTTPS
  • Tenant Isolation: Metrics and results isolated per tenant
  • GDPR Compliance: Personal data handled per regulations
  • Audit Trail: All AI operations logged for compliance

Rate Limiting

  • 100 requests/minute per tenant (safety buffer)
  • Automatic backoff for rate limits
  • 3-tier retry strategy with exponential backoff

Future Enhancements

Planned Features

  1. Enhanced Relationship Discovery: ML model for relationship confidence
  2. Predictive Capacity Planning: Forecast infrastructure needs
  3. Automated Remediation: AI-driven incident resolution
  4. Knowledge Base Integration: Connect to runbooks and documentation
  5. Multi-Model Selection: User-configurable model selection per operation

Getting Help

For questions about AI use cases:

  1. Check CloudWatch logs for AI service activity
  2. Review /api/monitoring/ai for usage patterns
  3. Contact support with specific use case questions
  4. See deployment logs in GitHub Actions for model availability

Version History

  • v3.6.6 (Oct 29, 2024): Fixed markdown extraction in Claude responses
  • v3.6.5 (Oct 15, 2024): Enhanced CI insights and relationship discovery
  • v3.6.4 (Oct 10, 2024): Added service pattern library