DEV Community: Siddharth Singh

Top 10 AIOps Platforms Offering Free Root Cause Analysis in 2026

Siddharth Singh — Fri, 10 Apr 2026 17:06:02 +0000

Key Takeaway: AIOps platforms now compete on the quality of AI-driven root cause analysis and the accessibility of free or open source entry points. Whether you need a full enterprise observability suite or a focused open source investigation tool, there's a platform with a free starting point for your team.

AIOps — Artificial Intelligence for IT Operations — combines AI/ML algorithms with big data analytics to automate IT operations and incident response across cloud and hybrid environments. In 2026, the landscape has matured significantly: platforms now offer autonomous investigation, deterministic AI, and agentic workflows that go far beyond basic alert correlation.

This guide covers the 10 best AIOps platforms that offer free root cause analysis capabilities — either through free tiers, open source licenses, or trial access.

Quick Comparison

Platform / Type / Free Access / RCA Approach / Best For

Aurora by Arvo AI — Open source (Apache 2.0) — Free forever (self-hosted) — Alert correlation + AI summarization + agentic autonomous investigation — SRE teams needing the full AIOps workflow in one free tool
Dynatrace — Enterprise SaaS — 15-day trial — Deterministic AI (Davis AI) — Large enterprises with complex microservice architectures
Datadog — SaaS — Free tier (5 hosts) — Watchdog anomaly detection — Teams wanting unified observability with easy onboarding
New Relic — SaaS — Free tier (100 GB/month) — Applied Intelligence — Organizations seeking usage-based pricing flexibility
OpenObserve — Open source (AGPL-3.0) — Free forever (self-hosted) — Log/metric/trace analytics — Cost-conscious teams needing petabyte-scale observability
Splunk ITSI — Enterprise SaaS — Trial available — Predictive ML analytics — Enterprises with heavy log volumes and existing Splunk investment
Grafana Cloud — SaaS + Open source — Free tier (10k metrics) — ML-powered Sift diagnostics — Teams already using the Grafana/Prometheus stack
Metoro — SaaS — Free tier (1 cluster) — AI SRE for Kubernetes — Kubernetes-native teams wanting automated deployment verification
BigPanda — Enterprise SaaS — Demo only — Open Box ML correlation — Large IT ops teams drowning in alert noise
PagerDuty — SaaS — Free tier (5 users) — AIOps add-on (paid) — Teams needing on-call + incident coordination

1. Aurora by Arvo AI

Aurora covers the full AIOps investigation workflow — from alert correlation and incident summarization all the way to autonomous multi-step root cause analysis. When alerts fire, Aurora's AlertCorrelator groups related alerts into incidents, generates AI summaries, and then triggers autonomous agents that query your cloud infrastructure directly.

How Aurora does RCA:

Alert correlation — groups related alerts into incidents by service and time proximity (AlertCorrelator service)
AI incident summarization — generates structured summaries with context and suggested next steps
Autonomous multi-step investigation — LangGraph-orchestrated agents dynamically select from 30+ tools per investigation
Executes kubectl, aws, az, gcloud commands in sandboxed Kubernetes pods (non-root, read-only filesystem, seccomp enforced)
Queries cloud APIs directly — AWS (STS AssumeRole), Azure (Service Principal), GCP (OAuth), OVH, Scaleway
Traverses Memgraph infrastructure dependency graph for blast radius analysis
Searches Weaviate knowledge base via vector search over runbooks and past postmortems
Generates structured RCA with timeline, evidence citations, and remediation steps
Suggests code fixes with diff preview — human approves and creates PR
Auto-generates postmortems exportable to Confluence and Jira

Free access: Completely free. Apache 2.0 open source, self-hosted via Docker Compose or Helm chart. No per-seat pricing, no usage limits. Use any LLM provider including Ollama for local models.

Integrations: 25+ verified — PagerDuty, Datadog, Grafana, New Relic, Dynatrace, Splunk, BigPanda, Kubernetes, Terraform, GitHub, Confluence, Slack, and more.

Best for: SRE teams that need a single free platform covering alert correlation, AI summarization, AND deep autonomous cloud investigation — without paying for three separate tools.

"We built Aurora to cover the full investigation workflow. It correlates alerts, summarizes incidents, then actually queries your AWS accounts, checks your Kubernetes pods, and traces the dependency chain — all autonomously." — Noah Casarotto-Dinning, CEO at Arvo AI

git clone https://github.com/Arvo-AI/aurora.git
cd aurora
make init && make prod-prebuilt

2. Dynatrace

Dynatrace is an enterprise observability leader powered by its Davis AI engine, which uses deterministic AI for precise root cause identification.

RCA approach: Deterministic AI that consistently produces the same result for the same input — as opposed to probabilistic models that may vary. Davis AI continuously auto-discovers your infrastructure and maps dependencies across microservice architectures.

Free access: 15-day free trial plus a public sandbox environment. No permanent free tier.

Pricing: Usage-based. Infrastructure monitoring starts at $7/month per host (Foundation), $29/month (Infrastructure Monitoring), $58/month (Full-Stack).

Strengths: Deep auto-discovery, topology mapping, precise deterministic RCA.
Limitations: Enterprise-oriented pricing, complex configuration for advanced features.

Best for: Large enterprises with complex microservice architectures needing precise, repeatable RCA.

3. Datadog

Datadog provides a comprehensive observability ecosystem with a generous free tier for experimentation.

RCA approach: Watchdog — an AI engine that continuously analyzes billions of data points for automatic anomaly detection, root cause analysis, and contextual insights across metrics, logs, traces, and security data.

Free access: $0 free tier for Infrastructure Monitoring — up to 5 hosts with 1-day metric retention.

Pricing: Pro starts at $15/host/month (billed annually). Modular pricing across 20+ products.

Strengths: Unified platform, easy onboarding, broad integration ecosystem.
Limitations: Costs can scale quickly with multiple products and high cardinality.

Best for: Teams wanting unified cloud monitoring with AI-assisted incident detection and easy experimentation via the free tier.

4. New Relic

New Relic offers telemetry-centric observability with built-in AI for incident analysis.

RCA approach: Applied Intelligence — an AI module that deduplicates alerts, correlates incidents, and pinpoints root causes across cloud-native infrastructure using ML.

Free access: Free tier includes 100 GB/month data ingest, 1 full platform user, and 50+ capabilities. Usage-based pricing allows low-risk adoption.

Pricing: Usage-based — pay for data ingested and number of users.

Strengths: Flexible pricing, full-stack observability, large integration library.
Limitations: Advanced AI features may require higher tiers.

Best for: Organizations seeking flexible, usage-based pricing with built-in AI for alert correlation and incident analysis.

5. OpenObserve

OpenObserve is an open source observability platform built in Rust for high-performance log, metric, and trace analytics.

RCA approach: Analytics-driven observability — fast search and correlation across logs, metrics, and traces. Not agentic AI, but provides the data foundation for manual or scripted RCA.

Free access: Fully open source under AGPL-3.0. Self-hosted is free forever with unlimited users. Cloud plan also offers a free tier. Self-hosted Enterprise is free up to 200 GB/day ingestion.

Strengths: Claims 140x lower storage cost vs Elasticsearch. Petabyte-scale. Written in Rust for performance.
Limitations: Observability platform, not a dedicated AIOps/RCA tool. Requires engineering effort for investigation workflows.

Best for: Cost-conscious engineering teams needing high-performance observability as a foundation for RCA.

6. Splunk ITSI

Splunk ITSI (IT Service Intelligence) is an enterprise AIOps platform for organizations with heavy log volumes.

RCA approach: ML-powered predictive analytics — uses machine learning and historical data to detect future service degradations. Includes automated event aggregation with out-of-the-box ML policies and alert correlation.

Free access: Trial available. No permanent free tier.

Pricing: Not publicly listed. ITSI is a premium add-on requiring a base Splunk Enterprise or Cloud license. Widely considered one of the most expensive options in the AIOps space — costs scale significantly with data volume.

Strengths: Predictive alerting, deep service-level insights, mature ML capabilities.
Limitations: Significant cost at scale, proprietary query language (SPL), complex implementation.

Best for: Mid-to-large enterprises with existing Splunk investment and heavy log volumes.

7. Grafana Cloud

Grafana Cloud extends the popular open source Grafana ecosystem with cloud-hosted observability and ML-powered diagnostics.

RCA approach: ML-powered Sift for automated diagnostics, plus Correlations features that create interactive links between data sources. Application Observability auto-correlates metrics, logs, and traces.

Free access: Permanent free tier — 10,000 active metric series/month, 50 GB logs/traces/profiles, 3 active users, 14-day retention. No credit card required.

Strengths: Strong community, extensible with thousands of dashboards and plugins, works with Prometheus/Loki/Tempo natively.
Limitations: Operational tuning may be required for effective RCA at scale. ML features are newer additions.

Best for: Teams already using the Grafana/Prometheus stack who want cloud-hosted ML-powered diagnostics.

8. Metoro

Metoro is a developer/SRE-focused AIOps platform built specifically for Kubernetes environments.

RCA approach: AI SRE for Kubernetes — autonomous deployment verification, AI issue detection, root cause analysis, and remediation suggestions. Uses eBPF for telemetry collection.

Free access: Hobby plan — free forever, includes 1 cluster, 1 user, 2 nodes, 200 GB ingested/month.

Strengths: Kubernetes-native, automated deployment verification, APM + log management + infrastructure monitoring in one.
Limitations: Focused on Kubernetes — less suitable for non-containerized environments.

Best for: Kubernetes-native teams wanting an AI SRE that automates deployment verification and incident investigation.

9. BigPanda

BigPanda specializes in transparent, explainable ML-based event correlation for large IT operations teams.

RCA approach: Open Box Machine Learning (OBML) — transparent ML where users can examine automation logic in plain English, edit it, and preview before deploying. Correlates alerts across time, topology, context, and alert type. Claims 95%+ IT noise reduction.

Free access: No free tier or self-serve trial. Access through demo requests and sales engagement.

Strengths: Transparent/explainable AI (not black box), massive noise reduction, customizable correlation rules.
Limitations: Enterprise-only, no self-serve access, requires sales engagement.

Best for: Large IT ops teams drowning in alert noise who need transparent, customizable AI correlation.

10. PagerDuty

PagerDuty is the industry standard for incident response and on-call coordination, with AIOps capabilities available as add-ons.

RCA approach: AIOps add-on provides alert noise reduction (claims 91% reduction), intelligent correlation, and "Probable Origin" for root cause suggestions. Note: RCA features are not included in the free tier — they require the AIOps add-on ($699+/month) on top of a paid plan.

Free access: Free tier includes up to 5 users, 1 on-call schedule, basic incident management, and 700+ integrations. Basic alerting and response only — no RCA.

Pricing: Professional from $21/user/month (annual). AIOps add-on from $699/month. PagerDuty Advance (GenAI) from $415/month.

Strengths: Industry-standard on-call, 700+ integrations, robust mobile app, strong ecosystem.
Limitations: RCA requires expensive add-ons, not included in base plans.

Best for: Teams that already use PagerDuty for on-call and want to add AI-powered correlation and noise reduction.

How to Choose the Right Platform

When evaluating free AIOps RCA tools, prioritize these criteria:

RCA approach — Deterministic AI (Dynatrace), probabilistic ML (BigPanda), or agentic investigation (Aurora)?
Telemetry breadth — Does it cover logs, metrics, traces, and infrastructure state?
Cloud integration — Does it work with your cloud providers and existing monitoring stack?
Free tier limitations — What's actually included? Some "free" plans exclude RCA entirely (PagerDuty).
Self-hosted vs SaaS — Do you need data sovereignty? Only Aurora and OpenObserve offer full self-hosted deployment.
Investigation depth — Does it correlate alerts, or does it actually query your infrastructure?

Start with a free tier or open source instance to validate whether automated RCA reduces your MTTR before scaling to paid plans.

Key Features to Look For

AI/ML approach — Deterministic vs probabilistic vs agentic
Telemetry support — Logs, metrics, traces, and infrastructure state
Cloud provider integration — Native connectors for AWS, Azure, GCP, Kubernetes
Remediation guidance — Does it just identify the cause, or suggest fixes?
Postmortem automation — Auto-generated incident documentation
Knowledge base — Search over runbooks and past incidents
Compliance — SOC 2, HIPAA, GDPR if required

Mean Time to Repair (MTTR) — the average time to detect, diagnose, and resolve an incident — is the key metric. Research shows that AIOps root cause automation can cut MTTR by up to 50%.

Learn more about automated RCA in our Root Cause Analysis: The Complete Guide for SREs and explore how agentic investigation works in What is Agentic Incident Management?. For open source options, see Open Source Incident Management: Why It Matters.

All platform claims verified from official vendor websites. Last verified: April 2026.

incident.io Alternative: Open Source AI Incident Management

Siddharth Singh — Mon, 06 Apr 2026 22:18:30 +0000

Key Takeaway: incident.io is one of the strongest incident management platforms available — used by Netflix, Airbnb, and Etsy with a free Basic tier. But it's closed-source SaaS with no self-hosted option and undisclosed AI. Aurora is an open source (Apache 2.0) alternative focused on autonomous AI investigation with full infrastructure access — free, self-hosted, and works with any LLM.

What is incident.io?

incident.io describes itself as "the all-in-one AI platform for on-call, incident response, and status pages — built for fast-moving teams." It's one of the most well-regarded tools in the space, with customers including Netflix, Airbnb, Etsy, Intercom, and Vanta.

incident.io offers four core products:

Incident Response — Slack-native workflows, catalog, post-mortems
On-Call — Schedules, escalation, alerting with 40+ alert sources
AI SRE — Autonomous investigation, code fix PRs, context search
Status Pages — Public, internal, and customer-specific pages

As Airbnb's Director of SRE Nils Pommerien said: "If I could point to the single most impactful thing we did to change the culture at Airbnb, it would be rolling out incident.io."

What is Aurora?

Aurora is an open source (Apache 2.0) AI agent for automated incident investigation and root cause analysis. Aurora's LangGraph-orchestrated agents autonomously query infrastructure across AWS, Azure, GCP, OVH, Scaleway, and Kubernetes — delivering structured RCA with remediation recommendations.

Aurora is free, self-hosted, and works with any LLM provider including local models via Ollama.

How They Compare

AI Investigation

incident.io AI SRE (incident.io/ai-sre):

Triages and investigates alerts, analyzes root cause
Connects code changes, alerts, and past incidents to uncover what went wrong
@incident chat in Slack — ask questions, get answers within seconds
Spots failing pull requests behind incidents
Searches through thousands of resources for relevant answers
Pulls metrics from monitoring dashboards directly into Slack
Scans public Slack channels for related discussions
Drafts code fixes and opens pull requests directly from Slack
Suggests next steps based on past incidents
AI-native post-mortems
MCP server (Beta) for IDE integration

Aurora AI:

Multi-agent architecture via LangGraph with dynamic tool selection (30+ tools)
Correlates alerts across services and dependencies
Constructs investigation timelines linking deployments, infra events, and telemetry
Generates structured RCA with evidence citations and remediation steps
Human-in-the-loop for write/destructive actions — read-only commands run automatically
Executes kubectl, aws, az, gcloud commands in sandboxed Kubernetes pods
Queries cloud APIs directly — AWS (STS AssumeRole), Azure (Service Principal), GCP (OAuth), OVH, Scaleway
Traverses Memgraph infrastructure dependency graph for blast radius
Searches Weaviate knowledge base (vector search over runbooks and past incidents)
Suggests code fixes with diff preview — human approves and creates PR
Exports postmortems to Confluence and Jira
Works with any LLM provider — choose your model

Key Difference

incident.io's AI SRE correlates data from monitoring tools, source control, and past incidents within Slack. Aurora's agents go deeper — they directly query cloud provider APIs and execute CLI commands in sandboxed pods to gather live infrastructure data during investigation.

On-Call & Alerting

incident.io has a full on-call product:

40+ alert sources ready to go
Schedules: simple, shadow rotations, follow-the-sun
99.99% delivery reliability claimed
AI alert intelligence (noise reduction)
Cover requests and easy overrides
Holiday feeds, compensation calculator
Migration tools from PagerDuty and Opsgenie
Mobile app

Aurora has no on-call capabilities. For on-call, use incident.io, PagerDuty, Grafana OnCall, or Opsgenie alongside Aurora.

Incident Coordination

incident.io excels here:

Slack-native incident response with workflows
Catalog for service ownership and context
Post-mortems with AI drafts
Status pages (public, internal, customer-specific)
Insights and analytics
~69 integrations across monitoring, ticketing, communication, HR

Aurora creates Slack incident channels, tracks action items with Jira sync, and generates postmortems. No status pages, no service catalog, no mobile app.

Feature Comparison

incident.io has, Aurora doesn't:

On-call scheduling, escalation, alerting (40+ sources)
Microsoft Teams support
Status pages (public, internal, customer-specific)
Service catalog
Insights and analytics
Mobile app
MCP server for IDEs (Beta)
AI that searches Slack channels for context
Metrics dashboard pulling from Slack
HR system integrations (BambooHR, Rippling, etc.)
~69 integrations
SOC 2, HIPAA compliance
Netflix, Airbnb, Etsy as customers

Aurora has, incident.io doesn't:

Direct cloud infrastructure querying (AWS, Azure, GCP, OVH, Scaleway APIs)
CLI execution in sandboxed Kubernetes pods
Native vector search knowledge base (Weaviate RAG)
Infrastructure dependency graph (Memgraph)
Terraform/IaC state analysis
Open source (Apache 2.0) — full codebase auditable
Self-hosted deployment (Docker Compose, Helm)
LLM provider flexibility (OpenAI, Anthropic, Google, Ollama for air-gapped)
Free — no per-user pricing

Both have:

AI-powered root cause analysis
AI-suggested code fixes and PR generation
Slack incident channel management
Automated postmortem generation
GitHub and GitLab integration
Datadog, Grafana integration
Action item tracking
RBAC and security controls
Human-in-the-loop for destructive actions

Pricing

incident.io (incident.io/pricing):

Basic: Free forever (1 custom field, 1 workflow, 2 integrations)
Team: $15/user/month (annual) — add on-call for +$10/user/month
Pro: $25/user/month — add on-call for +$20/user/month, AI post-mortems included
Enterprise: Custom pricing — unlimited everything, HIPAA, SCIM, custom RBAC
Standalone On-Call: $20/user/month

Aurora:

Free — Apache 2.0, self-hosted
Costs: infrastructure + LLM API usage
$0 LLM cost with Ollama local models

Example: 20-person team on incident.io Pro + On-Call:
$25 + $20 = $45/user/month x 20 = $900/month

Aurora: $0 + infrastructure + LLM API.

Open Source vs SaaS

incident.io is closed-source SaaS. You cannot self-host, audit the AI's reasoning, or choose your LLM provider.

Aurora is fully open source under Apache 2.0:

Read every line of code the AI uses to investigate
Self-host with zero data leaving your environment
Use any LLM provider or run local models via Ollama
Modify workflows, add custom tools, fork for your needs

When to Choose incident.io

You want the best all-in-one SaaS platform — incident.io is widely regarded as the best UX in the category
Slack-native AI chat matters — @incident in Slack is deeply integrated
You need on-call + response + status pages in one tool
Enterprise customers are important — Netflix, Airbnb, Etsy validation
Free tier works for you — Basic plan is genuinely free forever
Compliance is critical — SOC 2, HIPAA available

When to Choose Aurora

Investigation is your bottleneck — you need AI that directly queries your cloud infrastructure, not just correlates monitoring data
Open source is required — full transparency into how AI investigates your production systems
Self-hosted is required — compliance, data sovereignty, or air-gapped environments
Multi-cloud breadth — you need OVH or Scaleway alongside AWS, Azure, GCP
LLM flexibility — choose your own provider or run local models
Budget is limited — Aurora is free; incident.io Pro + On-Call is $900+/month for 20 users
You want a custom integration — the Arvo AI team builds custom integrations at no cost. Reach out and they'll build it with you.

Using incident.io + Aurora Together

They complement each other well:

Alert fires → incident.io creates channel, pages on-call, updates status page
Same alert → Aurora receives webhook, starts AI investigation
incident.io coordinates response (roles, workflows, comms)
Aurora investigates in background (queries cloud, checks K8s, searches knowledge base)
On-call SRE finds Aurora's RCA in the incident channel
Aurora generates postmortem → exports to Confluence
incident.io tracks follow-up actions

Limitations of Aurora

Aurora focuses on investigation, not full incident lifecycle management:

No on-call scheduling — use incident.io, PagerDuty, or Grafana OnCall alongside Aurora
No status pages — incident.io includes these on all tiers
Slack only — no Microsoft Teams support currently
No mobile app — incident.io has a polished mobile experience
Fewer integrations — Aurora has 25+ vs incident.io's ~69
SOC 2 Type II in progress — not yet certified
No Slack-native AI chat — Aurora's AI works through its web dashboard, not @mentions in Slack channels like incident.io

"incident.io has the best UX in the category — we respect that. Aurora's strength is different: deep cloud infrastructure investigation. If your SRE team is spending hours querying AWS, kubectl, and Grafana manually after getting paged, that's the problem Aurora solves." — Noah Casarotto-Dinning, CEO at Arvo AI

Getting Started with Aurora

git clone https://github.com/Arvo-AI/aurora.git
cd aurora
make init
make prod-prebuilt

Configure your monitoring webhooks, add cloud credentials, and investigations start automatically. See the full documentation.

Learn more at arvoai.ca. For other comparisons, see Aurora vs Traditional Tools, PagerDuty Alternative, and Rootly Alternative.

All claims sourced from official websites. incident.io data from incident.io. Aurora data from github.com/Arvo-AI/aurora. Last verified: April 2026.

FireHydrant Alternative: Open Source AI Incident Management

Siddharth Singh — Mon, 06 Apr 2026 22:05:16 +0000

Key Takeaway: FireHydrant is a solid incident management platform — but it was acquired by Freshworks in December 2025, AI features are locked to the Enterprise tier, and there's no autonomous investigation. Aurora is an open source (Apache 2.0) alternative with AI agents that autonomously investigate root causes across your cloud infrastructure — completely free and self-hosted.

What is FireHydrant?

FireHydrant is an all-in-one incident management platform that helps teams plan, respond to, and learn from incidents. Their tagline: "Fight Fires Faster." They claim teams resolve incidents up to 90% faster with their platform.

In December 2025, FireHydrant was acquired by Freshworks (NASDAQ: FRSH). The platform will become the incident management and reliability layer inside Freshservice, Freshworks' ITSM product.

Notable customers: Backblaze (91% faster mitigation), Bluecore (saving 30-90 minutes per incident), Snyk, LaunchDarkly, AuditBoard, Qlik, Avalara.

What is Aurora?

Aurora is an open source (Apache 2.0) AI agent for automated incident investigation and root cause analysis. When an alert fires, Aurora's LangGraph-orchestrated agents autonomously query your infrastructure across AWS, Azure, GCP, OVH, Scaleway, and Kubernetes — delivering a structured RCA with remediation recommendations.

Aurora is free, self-hosted, and works with any LLM provider.

How They Compare

AI Capabilities

FireHydrant AI (Enterprise tier only):

AI-generated incident summaries from Slack messages
Automated event timelines
Real-time call transcription (Zoom, Google Meet) with key point summarization
AI-drafted retrospectives with contributing factors and suggested action items
Stakeholder update generation

FireHydrant's AI is documentation-focused — it summarizes what happened, transcribes calls, and drafts retrospectives. It does not autonomously investigate root causes or query infrastructure.

Aurora AI:

Multi-agent architecture via LangGraph with dynamic tool selection (30+ tools)
Correlates alerts across services and dependencies
Constructs investigation timelines linking deployments, infra events, and telemetry
Generates structured RCA with evidence citations and remediation steps
Human-in-the-loop for write/destructive actions — read-only commands run automatically
Executes kubectl, aws, az, gcloud commands in sandboxed Kubernetes pods
Queries cloud APIs directly — AWS, Azure, GCP, OVH, Scaleway
Traverses Memgraph infrastructure dependency graph for blast radius
Searches Weaviate knowledge base (vector search over runbooks and past incidents)
Suggests code fixes with diff preview — human approves and creates PR
Works with any LLM provider including local models via Ollama

Incident Response & Coordination

FireHydrant is strong at incident coordination:

Slack and Microsoft Teams chatbot
Automated runbooks (triggered by severity, service, or custom fields)
Incident roles and assignments
Service catalog with dependency mapping and deployment tracking
38+ integrations
MTTx analytics (MTTD, MTTA, MTTR, MTTM)
Mobile notifications (iOS, Android)

Aurora creates and manages Slack incident channels, tracks action items with Jira sync, and sends investigation notifications. Aurora does not have Microsoft Teams support, incident roles, service catalog, or mobile app.

On-Call & Alerting

FireHydrant (branded "Signals"):

Team-based on-call schedules with unlimited escalation policies
SMS, voice, push, Slack, Teams, email, WhatsApp notifications
Alert routing via Common Expression Language (CEL)
Consumption-based alert pricing (not per-seat)
Alert grouping (Enterprise only)

Aurora has no on-call capabilities. For on-call, use PagerDuty, Grafana OnCall, or Opsgenie alongside Aurora.

Feature Comparison

FireHydrant has, Aurora doesn't:

Microsoft Teams support
Incident roles and assignments
Service catalog with dependency mapping
Status pages (public and private)
MTTx analytics dashboards
Mobile notifications (iOS, Android)
Deployment tracking
Call transcription (Zoom, Google Meet)
SOC 2 compliance
38+ integrations
Consumption-based alerting

Aurora has, FireHydrant doesn't:

Autonomous AI investigation (FireHydrant AI is documentation-focused only)
Direct cloud infrastructure querying (AWS, Azure, GCP, OVH, Scaleway)
CLI execution in sandboxed Kubernetes pods
Native vector search knowledge base (Weaviate RAG)
Infrastructure dependency graph (Memgraph)
Terraform/IaC state analysis
AI-suggested code fixes with diff preview
Open source (Apache 2.0) — full codebase auditable
Self-hosted deployment (Docker Compose, Helm)
LLM provider flexibility (OpenAI, Anthropic, Google, Ollama)
Free — no licensing costs

Both have:

Slack incident channel management
Automated postmortem/retrospective generation
Action item tracking with Jira sync
On-call integrations (PagerDuty, Opsgenie)
Datadog, Grafana, New Relic monitoring integrations
GitHub integration
Runbook/workflow automation
RBAC and security controls

Pricing

FireHydrant (firehydrant.com/pricing):

Free trial: 2 weeks, up to 10 responders
Platform Pro: $9,600/year (flat, up to 20 responders)
Enterprise: Custom pricing (required for AI features)
Alerting is consumption-based (separate from platform fee)

Aurora:

Free — Apache 2.0, self-hosted
Costs: infrastructure + LLM API usage
$0 LLM cost with Ollama local models

Note: FireHydrant AI features (summaries, transcripts, triage, retrospectives) are only available on the Enterprise tier. Pro users do not get AI capabilities.

The Freshworks Acquisition Factor

FireHydrant was acquired by Freshworks in December 2025. What this means:

The platform will be integrated into Freshservice (Freshworks' ITSM product)
Current accounts, pricing, and support stay the same during transition
Long-term product direction is now under Freshworks' roadmap
Some teams may want to evaluate alternatives before deeper Freshworks lock-in

Aurora is independently maintained open source — no acquisition risk, no vendor roadmap dependency.

When to Choose FireHydrant

You need full incident coordination — roles, runbooks, status pages, service catalog, analytics
Call transcription matters — real-time Zoom/Google Meet transcription with AI summaries
Microsoft Teams is required — Aurora is Slack-only
You want managed SaaS — no infrastructure to maintain
You're already in the Freshworks ecosystem — Freshservice integration will be seamless

When to Choose Aurora

Investigation is your bottleneck — you need AI that actually investigates, not just summarizes
You need direct cloud querying — AI agents that run commands on AWS, Azure, GCP, K8s
Open source is required — audit how AI investigates your infrastructure
Self-hosted is required — compliance, data sovereignty, or air-gapped environments
Budget is limited — FireHydrant Enterprise (required for AI) is custom pricing; Aurora is free
LLM flexibility — choose your provider or run local models
You're concerned about the acquisition — Aurora has no vendor lock-in risk
You want a custom integration — the Arvo AI team builds custom integrations at no cost. Reach out and they'll build it with you.

Limitations of Aurora

Aurora is powerful for investigation but doesn't replace a full incident coordination platform:

No on-call scheduling — use PagerDuty, Grafana OnCall, or Opsgenie alongside Aurora
No status pages — use Atlassian Statuspage, incident.io, or Instatus
Slack only — no Microsoft Teams support currently
No mobile app — investigation results are accessed via web dashboard
SOC 2 Type II in progress — not yet certified (FireHydrant has SOC 2)
Self-hosted requires infrastructure — you maintain the Docker/K8s deployment

"We built Aurora for one job — investigating why incidents happen. We deliberately didn't build on-call or status pages because tools like PagerDuty and FireHydrant already do those well. Aurora is the investigation layer that plugs into your existing stack." — Noah Casarotto-Dinning, CEO at Arvo AI

Getting Started with Aurora

git clone https://github.com/Arvo-AI/aurora.git
cd aurora
make init
make prod-prebuilt

Configure your monitoring webhooks, add cloud credentials, and investigations start automatically. See the full documentation.

Learn more at arvoai.ca. For other comparisons, see Aurora vs Traditional Tools, PagerDuty Alternative, and Rootly Alternative.

All claims sourced from official websites. FireHydrant data from firehydrant.com. Aurora data from github.com/Arvo-AI/aurora. Last verified: April 2026.

Resolve.ai Alternative: Open Source AI for Incident Investigation

Siddharth Singh — Thu, 02 Apr 2026 21:44:19 +0000

Key Takeaway: Resolve.ai is a $1B-valued AI SRE platform used by Coinbase, DoorDash, and Salesforce — but pricing requires contacting sales with no public pricing page. Aurora is an open source (Apache 2.0) alternative that delivers autonomous AI investigation with sandboxed cloud execution, infrastructure graphs, and knowledge base search — completely free and self-hosted.

What is Resolve.ai?

Resolve.ai is an AI-powered autonomous SRE platform founded in 2024 by Spiros Xanthos (former SVP at Splunk, co-creator of OpenTelemetry) and Mayank Agarwal. It raised $125M in Series A at a reported $1 billion valuation, backed by Lightspeed and Greylock with angels including Fei-Fei Li and Jeff Dean.

Resolve.ai positions as "machines on call for humans" — a multi-agent AI system that autonomously investigates production incidents across code, infrastructure, and telemetry.

Notable customers: Coinbase (73% faster time to root cause), DoorDash (87% faster investigations), Salesforce, MongoDB, Zscaler, Toast, Pinecone.

What is Aurora?

Aurora is an open source (Apache 2.0) AI agent for automated incident investigation and root cause analysis. When an alert fires, Aurora's LangGraph-orchestrated agents autonomously query your infrastructure across AWS, Azure, GCP, OVH, Scaleway, and Kubernetes — correlating data from 25+ tools and delivering a structured RCA with remediation recommendations.

Aurora is free, self-hosted, and works with any LLM provider including local models via Ollama.

How They Compare

AI Investigation Approach

Resolve.ai:

Multi-agent architecture with parallel hypothesis testing
Formulates multiple theories per incident, deploys sub-agents to investigate each simultaneously
Correlates alerts across services and dependencies
Constructs causal timelines linking code changes, infra events, and telemetry
Generates root cause analysis with confidence scores
Human-in-the-loop approval gates before automated actions
Per-customer fine-tuned models

Aurora:

Multi-agent architecture via LangGraph with dynamic tool selection (30+ tools)
Correlates alerts across services and dependencies (AlertCorrelator + Memgraph graph)
Constructs investigation timelines linking deployments, infra events, and telemetry
Generates structured RCA with evidence citations and remediation steps
Human-in-the-loop for write/destructive actions — read-only commands run automatically
Executes kubectl, aws, az, gcloud commands in sandboxed Kubernetes pods (non-root, read-only filesystem, capabilities dropped, seccomp enforced)
Queries cloud APIs directly — AWS (STS AssumeRole), Azure (Service Principal), GCP (OAuth), OVH, Scaleway
Traverses Memgraph infrastructure dependency graph for blast radius
Searches Weaviate knowledge base (vector search over runbooks and past incidents)
Works with any LLM provider — choose your own model

Cloud & Infrastructure

Resolve.ai:

AWS and GCP confirmed
Azure is not listed on their integrations page
Kubernetes support confirmed
Deploys an on-premise "satellite" agent as a secure gateway — core platform runs in Resolve's cloud

Aurora:

AWS, Azure, GCP, OVH, Scaleway — all five with native authentication
Deep Kubernetes integration via outbound WebSocket kubectl-agent
Fully self-hosted — Docker Compose or Helm chart
No data leaves your environment

Integrations

Resolve.ai (resolve.ai/integrations):

Monitoring: Grafana, Datadog, Splunk, Prometheus, Dynatrace, Elastic, Chronosphere, Kloudfuse, OpenSearch
Infrastructure: Kubernetes, AWS, GCP
Code: GitHub
Chat: Slack
Knowledge: Notion
Custom: MCP, APIs, Webhooks
Total: ~17+ confirmed

Aurora (github.com/Arvo-AI/aurora):

Monitoring: PagerDuty, Datadog, Grafana, New Relic, Netdata, Dynatrace, Coroot, ThousandEyes, BigPanda, Splunk
Cloud: AWS, Azure, GCP, OVH, Scaleway
Infrastructure: Kubernetes, Terraform, Docker
CI/CD: GitHub, Bitbucket, Jenkins, CloudBees, Spinnaker
Docs: Confluence, Jira, SharePoint
Network: Cloudflare, Tailscale
Communication: Slack
Total: 25+ confirmed

Knowledge & Learning

Resolve.ai:

Learns from runbooks, wikis, chats, and historical incidents
Builds a knowledge graph of infrastructure components
Captures tribal knowledge from production systems
Per-customer fine-tuned models that improve from feedback (thumbs up/down)

Aurora:

Built-in Weaviate vector store for semantic search over runbooks, postmortems, and documentation
Memgraph infrastructure dependency graph maps relationships across all cloud providers
Learns from past investigations stored in the knowledge base

Code Fixes & Remediation

Resolve.ai: Generates remediation PRs via GitHub with supporting context. Suggests kubectl commands and scripts. All actions require human approval before execution.

Aurora: Suggests code fixes with diff preview — human reviews and creates PR with one click via GitHub and Bitbucket. Executes read-only CLI commands in sandboxed pods. Generates postmortems exportable to Confluence and Jira.

Feature Comparison

Resolve.ai has, Aurora doesn't:

Automatic JIRA ticket updates during investigation
Enterprise support with SLAs
Available on AWS Marketplace

Aurora has, Resolve.ai doesn't:

Azure, OVH, and Scaleway cloud support
Open source (Apache 2.0) — full codebase auditable
Self-hosted deployment (Docker Compose, Helm)
LLM provider flexibility (OpenAI, Anthropic, Google, Ollama for air-gapped)
Slack incident channel creation and management
PagerDuty, New Relic, BigPanda, ThousandEyes, Coroot integrations
Terraform/IaC state analysis
Bitbucket, Jenkins, CloudBees, Spinnaker integrations
Confluence and SharePoint integration
Network integrations (Cloudflare, Tailscale)
Free — no licensing costs whatsoever

Both have:

Autonomous AI incident investigation
Multi-agent architecture
Root cause analysis with evidence
AI-suggested code fixes (human-approved PRs)
Infrastructure dependency/knowledge graph
Knowledge base search (runbooks, wikis, past incidents)
Kubernetes investigation
AWS and GCP support
Datadog, Grafana, Splunk, Dynatrace integrations
Slack integration
RBAC and security controls
AI that learns from user feedback
Causal timeline construction with dependency chain mapping
Human-in-the-loop for destructive actions
Per-customer tuning (Resolve.ai via fine-tuned models; Aurora via open source customization)
SOC 2 Type II compliance (Resolve.ai: certified; Aurora: in progress)

Pricing

Resolve.ai:

No public pricing page
Custom enterprise pricing (contact sales)
No free tier or self-service signup
Target: large enterprise SRE teams

Aurora:

Free — Apache 2.0, self-hosted
Costs: infrastructure (VM or K8s cluster) + LLM API usage
$0 LLM cost with Ollama local models
No contracts, no sales calls, no per-user pricing

The price difference is the core story. Resolve.ai delivers enterprise AI investigation for enterprise budgets. Aurora delivers open source AI investigation for everyone else.

Open Source vs Enterprise SaaS

Resolve.ai is a closed-source, cloud-hosted enterprise platform. You cannot audit the AI's reasoning, choose your own LLM, or self-host. Your incident data flows through Resolve's infrastructure (they state they don't persist raw data or train across customers).

Aurora is fully open source. You can:

Read every line of code the AI uses to investigate your infrastructure
Self-host with zero data leaving your environment
Use any LLM provider — or run local models for fully air-gapped operation
Modify investigation workflows, add custom tools, fork for your needs
Contribute back to the project

When to Choose Resolve.ai

You're a large enterprise company with budget for enterprise AI tooling
Managed fine-tuned models — you want the vendor to handle per-customer model training rather than customizing open source yourself
You need certified compliance today — SOC 2 Type II, HIPAA, GDPR already certified (Aurora's SOC 2 is in progress)
Managed service preferred — you don't want to maintain AI infrastructure

When to Choose Aurora

Budget matters — you can't justify custom enterprise pricing for AI investigation
Open source is required — you need full transparency into how AI investigates your production systems
Self-hosted is required — compliance, data sovereignty, or air-gapped environments
Multi-cloud breadth — you need Azure, OVH, or Scaleway alongside AWS and GCP
LLM flexibility — you want to choose your own provider or run models locally
You're a startup or mid-market — Resolve.ai has no mid-market pricing
You want a custom integration — the Arvo AI team actively builds custom integrations for companies at no cost. If there's a feature gap, reach out and they'll build it with you.

Getting Started with Aurora

git clone https://github.com/Arvo-AI/aurora.git
cd aurora
make init
make prod-prebuilt

Configure your monitoring webhooks (PagerDuty, Datadog, Grafana), add cloud provider credentials, and investigations start automatically. See the full documentation for deployment guides.

Rootly Alternative: Open Source AI Incident Management

Siddharth Singh — Thu, 02 Apr 2026 21:28:21 +0000

Key Takeaway: Rootly is an AI-native incident management platform with on-call, workflows, and AI SRE agents — starting at $20/user/month with AI SRE priced separately. Aurora is an open source (Apache 2.0) AI agent focused purely on autonomous incident investigation and root cause analysis. Rootly orchestrates your entire incident lifecycle. Aurora automates the hardest part — figuring out why something broke.

What is Rootly?

Rootly describes itself as an "AI-native incident management platform" — an all-in-one tool for detecting, managing, learning from, and resolving incidents. Founded in 2021, it's used by teams at Replit, NVIDIA, LinkedIn, Figma, and hundreds more, with a 4.8/5 rating on G2.

Rootly offers three products:

Incident Response — Slack/Teams-native workflows, playbooks, roles, status pages, retrospectives
On-Call — Schedules, escalation policies, alert routing, live call routing, mobile app
AI SRE — Autonomous AI agents for root cause analysis, remediation, and alert triage

What is Aurora?

Aurora is an open source AI agent that automates incident investigation. When a monitoring tool fires an alert, Aurora's LangGraph-orchestrated agents autonomously query your infrastructure across AWS, Azure, GCP, OVH, Scaleway, and Kubernetes — correlating data from 25+ tools and delivering a structured root cause analysis with remediation recommendations.

Aurora doesn't manage your incident lifecycle. It investigates the root cause.

How They Compare

Incident Response & Coordination

Rootly is a full incident lifecycle platform:

Slack and Microsoft Teams native incident channels
Automated workflows (create channels, page responders, update status)
Incident roles (commander, communications lead, etc.)
Playbooks and runbooks
Status pages (internal and external)
Action item tracking with Jira sync
DORA metrics and advanced analytics
Mobile app (iOS and Android)

Aurora is not a full incident coordination platform — no roles or status pages. However, Aurora does create and manage Slack incident channels, tracks action items with Jira sync, sends investigation notifications, and supports @aurora mentions in any channel for conversational investigation.

On-Call Management

Rootly has a full on-call product:

Schedules with shadow rotations, holiday calendars, PTO overrides
Escalation policies with gap detection
SMS, voice, push notifications (bypass Do Not Disturb)
Live call routing
On-call pay calculator
99.99% uptime claim

Aurora has no on-call capabilities. No schedules, no paging, no escalation. For on-call, use Rootly, PagerDuty, Grafana OnCall, or Opsgenie alongside Aurora.

AI Investigation

This is where the tools diverge most.

Rootly AI SRE (rootly.com/ai-sre):

Correlates alerts with code changes, deploys, and config changes
Generates root cause analysis with confidence scores
Surfaces similar past incidents and proven solutions
Drafts remediation steps and PRs with suggested fixes
AI Meeting Bot that transcribes incident bridges in real time
@rootly AI chat in Slack/Teams for summaries and task assignment
MCP server for IDEs (Cursor, Windsurf, Claude Code)
Chain-of-thought visibility ("see why a root cause is flagged")
Whether it directly queries cloud infrastructure APIs is unverified

Aurora AI Investigation:

Autonomous multi-step investigation using LangGraph-orchestrated agents
Dynamically selects from 30+ tools per investigation
Executes kubectl, aws, az, gcloud commands in sandboxed Kubernetes pods (non-root, read-only filesystem, capabilities dropped, seccomp enforced)
Queries cloud APIs directly — AWS (STS AssumeRole), Azure (Service Principal), GCP (OAuth), OVH, Scaleway
Traverses Memgraph infrastructure dependency graph for blast radius
Searches Weaviate knowledge base (vector search over runbooks, past postmortems)
Generates structured RCA with timeline, evidence citations, and remediation
Generates code fix pull requests via GitHub and Bitbucket
Exports postmortems to Confluence and Jira

Knowledge Base

Rootly: Surfaces similar past incidents during investigations. Integrates with Glean for broader knowledge search. No native vector search product.

Aurora: Built-in Weaviate-powered vector store. Upload runbooks, past postmortems, and documentation — the AI agent searches them using semantic similarity during every investigation.

Postmortems

Rootly: AI-generated retrospectives with context, timelines, and custom templates. Collaborative editing. Jira sync for action items.

Aurora: AI-generated postmortems with timeline, root cause, impact assessment, and remediation steps. One-click export to Confluence and Jira.

Feature Comparison

Rootly has, Aurora doesn't:

On-call scheduling, escalation policies, paging (SMS/voice/push)
Microsoft Teams support (Aurora is Slack-only)
Automated incident workflows (create channels, page responders, update status)
Status pages (internal and external)
Incident roles
DORA metrics and analytics
Mobile app (iOS, Android)
MCP server for IDEs
AI Meeting Bot for incident bridges
SOC 2 Type II, HIPAA, GDPR, CCPA compliance
70+ integrations

Aurora has, Rootly doesn't (or is unverified):

Direct cloud infrastructure querying (AWS, Azure, GCP, OVH, Scaleway APIs)
CLI command execution in sandboxed Kubernetes pods
Native vector search knowledge base (Weaviate RAG)
Infrastructure dependency graph (Memgraph)
Terraform/IaC state analysis
Open source (Apache 2.0) — full codebase auditable
Self-hosted deployment (Docker Compose, Helm)
LLM provider flexibility including local models (Ollama for air-gapped)
Free — no per-user or per-incident pricing

Both have:

AI-powered root cause analysis
Code fix PR generation
Automated postmortem generation
PagerDuty, Datadog, Grafana integrations
GitHub integration
Confluence integration
HashiCorp Vault integration
BYOK for LLM providers
Slack incident channels
Action item tracking with Jira sync

Pricing

Rootly (rootly.com/pricing):

Incident Response Essentials: $20/user/month
On-Call Essentials: $20/user/month
AI SRE: Contact sales (no published price)
Enterprise tiers: Contact sales
Bundle discounts available for IR + On-Call + AI SRE
Startup discount: up to 50% off (<100 employees, <$50M raised)
Free 14-day trial

Aurora:

Free — Apache 2.0, self-hosted
Costs: infrastructure (VM or K8s cluster) + LLM API usage
$0 LLM cost possible with Ollama local models

Example: 20-person SRE team

For Rootly IR + On-Call: $20 + $20 = $40/user/month x 20 = $800/month (before AI SRE add-on, which is priced separately via sales).

For Aurora: $0 + infrastructure + LLM API.

Note: Rootly pricing from rootly.com/pricing. AI SRE pricing is not publicly listed.

Open Source vs SaaS

Rootly is SaaS-only. The core platform is proprietary. They have open source tooling on GitHub (Terraform provider with 400,000+ downloads, Backstage plugin, CLI, SDKs) but not the platform itself.

Aurora is fully open source under Apache 2.0. The entire codebase — backend, frontend, agent orchestration — is on GitHub. You can:

Audit exactly what the AI does on your infrastructure
Modify investigation workflows and add custom tools
Fork and customize for your organization
Run fully air-gapped with local LLMs via Ollama
Keep all incident data in your own environment

When to Choose Rootly

Rootly is the better choice when:

You need a full incident lifecycle platform — on-call, workflows, status pages, roles, retrospectives, DORA metrics in one tool
Slack/Teams-native workflows matter — Rootly's incident channels and AI chat are deeply embedded in collaboration tools
Compliance requirements — SOC 2 Type II, HIPAA, GDPR out of the box
You want managed SaaS — no infrastructure to maintain
You need a mobile app — iOS and Android for on-call
Enterprise support — dedicated support, SLAs, BAA for HIPAA

When to Choose Aurora

Aurora is the better choice when:

Investigation is your bottleneck — your team spends hours diagnosing incidents manually
You need deep cloud investigation — AI agents that directly query AWS, Azure, GCP, and Kubernetes
You want open source — full transparency into how AI investigates your infrastructure
Self-hosted is required — compliance, data sovereignty, or air-gapped environments
Budget is limited — free forever, no per-user pricing
LLM flexibility matters — bring any provider, including local models
You already have on-call — PagerDuty, Grafana OnCall, or Opsgenie handles paging; you need the investigation layer
You want a custom integration — Aurora is open source and the Arvo AI team actively builds custom integrations for companies that need them — at no cost. If there's a feature gap, reach out and they'll build it with you.

Using Rootly + Aurora Together

They're not mutually exclusive. Rootly manages your incident lifecycle; Aurora investigates the root cause:

Alert fires → Rootly creates incident channel, pages on-call
Same alert → Aurora receives webhook, starts AI investigation
Rootly coordinates the response (roles, comms, status page)
Aurora investigates in the background (queries cloud, checks K8s, searches knowledge base)
On-call SRE finds Aurora's completed RCA with root cause and remediation
Aurora generates postmortem → exports to Confluence
Rootly tracks action items → syncs to Jira

Getting Started with Aurora

git clone https://github.com/Arvo-AI/aurora.git
cd aurora
make init
make prod-prebuilt

Configure your monitoring webhooks (PagerDuty, Datadog, Grafana), add cloud provider credentials, and investigations start automatically. See the full documentation for deployment guides.

PagerDuty Alternative for Root Cause Analysis: Why SRE Teams Are Adding AI Investigation

Siddharth Singh — Wed, 01 Apr 2026 21:36:15 +0000

Key Takeaway: PagerDuty is the industry standard for alerting and on-call management — but it doesn't investigate why incidents happen. Aurora is an open source AI agent that plugs into PagerDuty via webhooks and autonomously investigates root causes across AWS, Azure, GCP, and Kubernetes. They're complementary tools, but for teams spending hours on manual RCA, Aurora fills the gap PagerDuty doesn't cover.

PagerDuty has over 30,000 customers and dominates on-call management. It's excellent at what it does: detecting alerts, routing them to the right person, coordinating incident response, and tracking SLAs.

But here's the problem: PagerDuty pages you. Then you're on your own.

The actual investigation — SSHing into servers, querying CloudWatch, checking Kubernetes pod logs, correlating deployments with error spikes — is still manual. According to the VOID (Verica Open Incident Database), the median incident involves 3.5 contributing factors, and the investigation phase consumes the majority of mean time to resolve (MTTR).

This is the gap Aurora fills.

PagerDuty vs Aurora: Different Tools, Different Jobs

This isn't a "which is better" comparison. PagerDuty and Aurora solve different problems:

	PagerDuty	Aurora
Primary job	Alert routing, on-call, coordination	Root cause investigation
Answers the question	"Who needs to know and how do we coordinate?"	"Why did this happen and what should we fix?"
Trigger	Monitoring tool fires alert	PagerDuty webhook (or Datadog, Grafana, etc.)
Output	Engineer gets paged, war room opens	Structured RCA with timeline, root cause, remediation

They work together. Aurora ingests PagerDuty incident.triggered webhooks. When PagerDuty pages your SRE, Aurora is already investigating in the background.

What PagerDuty Does Well

PagerDuty's strengths are real and well-established:

On-call scheduling — Flexible rotations, escalation policies, shift overrides
Alert routing — 700+ integrations for ingesting alerts from every monitoring tool
Multi-channel paging — SMS, phone, push notifications, email
Incident coordination — War rooms, stakeholder communications, status pages
SLA tracking — Urgency-based alerting and escalation
AI noise reduction — AIOps add-on claims 91% alert noise reduction via intelligent correlation and deduplication

PagerDuty has also added AI features through PagerDuty Advance, including:

AI incident summaries ("catch me up" in Slack)
AI-generated status updates
AI postmortem drafts (Beta)
SRE Agent for triage and approved remediation actions
Probable Origin for pattern-based root cause suggestions

Where PagerDuty Stops

Despite the AI additions, PagerDuty's investigation capabilities have limits:

No autonomous multi-step investigation. PagerDuty's SRE Agent surfaces past incidents and patterns, but it doesn't autonomously query your AWS accounts, check Kubernetes pod status, correlate Terraform changes, or trace dependency graphs. The investigation itself is still on the engineer.

No native cloud infrastructure querying. PagerDuty receives alerts from CloudWatch, Azure Monitor, etc. — it doesn't query them directly. It can't run kubectl get pods or aws cloudwatch get-metric-data on your behalf during an investigation.

No knowledge base with vector search. PagerDuty's RAG capability is partial — it requires configuring Amazon Q Business as an external integration. There's no native vector search over your runbooks and past postmortems.

No code fix suggestions. PagerDuty can surface recent code changes that may be related to an incident, but it doesn't generate remediation code or create pull requests.

AI features are paid add-ons. AIOps starts at $699/month. PagerDuty Advance starts at $415/month. These are on top of per-user pricing ($21-$41+/user/month depending on tier).

What Aurora Does Differently

Aurora is an open source (Apache 2.0) AI agent that automates the investigation phase — the part that happens after you get paged.

Autonomous Investigation

When Aurora receives an alert webhook, its LangGraph-orchestrated AI agents:

Analyze the alert context (severity, service, timing)
Dynamically select from 30+ tools to investigate
Execute kubectl, aws, az, gcloud commands in sandboxed Kubernetes pods
Query logs, metrics, and recent deployments across cloud providers
Search the knowledge base for relevant runbooks and past incidents
Traverse the infrastructure dependency graph for blast radius
Synthesize everything into a structured root cause analysis

No human in the loop during investigation. The SRE gets paged by PagerDuty and finds a completed RCA waiting in Aurora.

Multi-Cloud Native

Aurora connects directly to your cloud infrastructure:

Provider	Authentication
AWS	STS AssumeRole (temporary credentials)
Azure	Service Principal
GCP	OAuth
OVH	API key
Scaleway	API token
Kubernetes	Kubeconfig via outbound WebSocket agent

25+ Verified Integrations

Category	Tools
Monitoring	PagerDuty, Datadog, Grafana, New Relic, Netdata, Dynatrace, Coroot, ThousandEyes, BigPanda, Splunk
Cloud	AWS, Azure, GCP, OVH, Scaleway
Infrastructure	Kubernetes, Terraform, Docker
CI/CD	GitHub, Bitbucket, Jenkins, CloudBees, Spinnaker
Docs & Knowledge	Confluence, Jira, SharePoint
Network	Cloudflare, Tailscale
Communication	Slack

Knowledge Base with RAG

Aurora includes a built-in Weaviate-powered vector store. Upload your runbooks, past postmortems, and documentation — the AI agent searches them during every investigation using semantic similarity, not just keyword matching.

AI Code Fix Suggestions

Aurora can generate pull requests with remediation code via its GitHub and Bitbucket integrations. It doesn't just tell you what's wrong — it suggests how to fix it with actual code.

Automated Postmortems

Structured postmortem documents generated automatically with:

Incident timeline with timestamps
Root cause identification with evidence and citations
Impact assessment
Remediation steps (taken and recommended)
One-click export to Confluence or Jira

Feature Comparison

Feature	PagerDuty	Aurora
On-call scheduling	Yes (core)	No
Alert routing & escalation	Yes (core)	No
SMS/phone/push paging	Yes (core)	No
Status pages	Yes (add-on, from $89/mo)	No
SLA/SLO tracking	Yes	No
Autonomous AI investigation	Partial (SRE Agent for triage)	Yes (full multi-step)
Native cloud querying	No (receives alerts)	Yes (AWS, Azure, GCP, OVH, Scaleway)
CLI execution on infra	Via Runbook Automation add-on	Yes (sandboxed K8s pods)
Knowledge base (RAG)	Via Amazon Q Business integration	Yes (native Weaviate)
Infrastructure graph	No	Yes (Memgraph)
AI postmortems	Beta (via Jeli)	Yes (with Confluence export)
AI code fix PRs	No	Yes (GitHub, Bitbucket)
Open source	No (Rundeck only)	Yes (Apache 2.0)
Self-hosted	No (SaaS only)	Yes (Docker, Helm)
LLM provider choice	No (undisclosed, fixed)	Yes (OpenAI, Anthropic, Google, Ollama)
Integrations	700+	25+
Pricing	From $21/user/mo + AI add-ons ($415-$699/mo)	Free (self-hosted)

Cost Comparison

For a team of 20 SREs on PagerDuty Business with AI features:

Line Item	PagerDuty	Aurora
Base platform	$41/user/mo x 20 = $820/mo	$0
AIOps	$699/mo	Included
PagerDuty Advance (GenAI)	$415/mo	Included
Status pages	$89/mo	Not included
Total	~$2,023/mo	$0 + infra + LLM API

Aurora's costs are infrastructure (a VM or K8s cluster) and LLM API usage. With Ollama running local models, the LLM cost is also $0.

Note: PagerDuty pricing verified from pagerduty.com/pricing as of March 2026. Aurora is free under Apache 2.0.

When to Use PagerDuty + Aurora Together

The strongest setup is running both:

PagerDuty receives alerts from your monitoring tools (Datadog, CloudWatch, Grafana)
PagerDuty pages the right on-call engineer via SMS/phone
Aurora receives the same alert via PagerDuty webhook (incident.triggered)
Aurora's AI agents investigate autonomously in the background
The on-call SRE opens Aurora and finds a completed RCA with root cause, timeline, and remediation
Aurora generates the postmortem and exports it to Confluence

PagerDuty handles the who and when. Aurora handles the why and how to fix it.

When Aurora Alone Might Be Enough

For smaller teams or budget-conscious organizations:

You don't need enterprise on-call — Your team is small enough that a simple rotation works
You already have alerting — Datadog, Grafana, or CloudWatch can send webhooks directly to Aurora
Investigation is your bottleneck — You're spending more time diagnosing than coordinating
You need self-hosted — Compliance or security requires keeping incident data on-premise
Budget is limited — PagerDuty + AI add-ons at $2,000+/mo isn't feasible

Aurora can ingest webhooks directly from any monitoring tool — PagerDuty is not required.

Getting Started

git clone https://github.com/Arvo-AI/aurora.git
cd aurora
make init
make prod-prebuilt

Configure your PagerDuty webhook to point at Aurora, add your cloud provider credentials, and investigations start automatically.

Multi-Cloud Incident Management: Challenges and Solutions

Siddharth Singh — Wed, 01 Apr 2026 19:37:18 +0000

Key Takeaway: 89% of organizations use a multi-cloud strategy, but investigating incidents across AWS, Azure, and GCP simultaneously remains a major pain point. AI-powered tools that can query multiple cloud providers in parallel eliminate the context-switching that slows manual investigation by 3-5x.

Multi-cloud adoption has become the default strategy for enterprises. According to Flexera's 2024 State of the Cloud Report, 89% of organizations have a multi-cloud strategy, with enterprises using an average of 3.4 cloud providers. Gartner predicts that by 2027, over 90% of organizations will adopt multi-cloud approaches.

The reasons are clear: avoiding vendor lock-in, leveraging best-of-breed services, meeting data residency requirements, and improving resilience. But this architectural choice creates a significant operational challenge: how do you investigate and resolve incidents that span multiple cloud providers simultaneously?

Top Challenges of Multi-Cloud Incident Management

Fragmented Observability

Each cloud provider has its own monitoring and logging ecosystem:

AWS: CloudWatch, X-Ray, CloudTrail
Azure: Azure Monitor, Application Insights, Log Analytics
GCP: Cloud Monitoring, Cloud Logging, Cloud Trace
Kubernetes: Prometheus, various logging solutions

When an incident spans multiple providers, engineers must context-switch between consoles, query languages, and data formats. A single investigation might require checking CloudWatch metrics, Azure Monitor alerts, and Kubernetes pod logs — all with different interfaces.

Inconsistent Tooling

Different cloud providers use different CLI tools (aws, az, gcloud, kubectl), different authentication mechanisms (IAM roles, service principals, service accounts), and different resource naming conventions. This inconsistency slows investigation and increases error rates.

Credential Management

Investigating incidents across clouds requires access credentials for each provider. Managing AWS access keys, Azure service principals, GCP service accounts, and Kubernetes kubeconfig files securely is a significant operational burden.

Blast Radius Assessment

In multi-cloud architectures, services often depend on resources across providers. A database in AWS might serve an application running in GCP, with traffic routed through Azure. Understanding the blast radius of an incident requires a cross-cloud dependency map.

Tribal Knowledge

Different team members often specialize in different clouds. When an incident spans AWS and Azure, you might need two specialists — and they might not be on call at the same time. Critical investigation knowledge is siloed.

"In a multi-cloud incident, the bottleneck isn't the tooling — it's finding someone who understands both AWS networking and Azure load balancing at 3 AM. AI agents that understand all clouds eliminate that dependency." — Noah Casarotto-Dinning, CEO at Arvo AI

According to the 2024 State of Cloud Strategy Survey by HashiCorp, 90% of enterprises report that multi-cloud skills gaps are a significant barrier to effective cloud operations.

Strategies for Cross-Cloud Incident Response

Unified Monitoring

Implement a monitoring layer that aggregates signals from all cloud providers. Tools like Datadog, Grafana, and New Relic can ingest metrics from multiple clouds, providing a single pane of glass.

Standardized Alerting

Route all alerts through a single platform (PagerDuty, Opsgenie) regardless of which cloud generated them. This ensures consistent severity classification and escalation.

Cross-Cloud Runbooks

Develop runbooks that account for multi-cloud scenarios. Instead of "check AWS CloudWatch," document the investigation flow across all relevant providers.

Infrastructure as Code

Use Terraform or similar tools to manage infrastructure across all providers. This creates a single source of truth for your cross-cloud architecture and makes it easier to identify configuration-related issues.

Automated Investigation

The most effective strategy is automating the cross-cloud investigation itself. AI agents that can query multiple cloud providers simultaneously eliminate the need for manual context-switching.

How Aurora Solves Multi-Cloud Incidents

Aurora was built specifically for multi-cloud incident management. Here's how it addresses each challenge:

Unified Cloud Connectors

Aurora connects to all major cloud providers through native connectors:

AWS: Uses STS AssumeRole for secure, temporary credentials
Azure: Azure Service Principal authentication
GCP: OAuth-based authentication
OVH: API key authentication
Scaleway: API token authentication
Kubernetes: Kubeconfig-based access

All connectors are configured once and used by the AI agent as needed during investigations.

Infrastructure Discovery Pipeline

Aurora's infrastructure discovery runs in three phases:

Bulk Discovery: Enumerates all resources across all connected cloud providers
Detail Enrichment: Gathers detailed configuration and metadata for each resource
Connection Inference: Maps dependencies between resources (e.g., which EC2 instances connect to which RDS databases)

This builds a comprehensive infrastructure graph in Memgraph that the AI agent uses for blast radius analysis.

Natural Language Investigation

Instead of learning five different CLI tools and query languages, engineers interact with Aurora through natural language:

"What caused the latency spike on the payment service?"
"Are there any failing pods in the production cluster?"
"Show me all resources affected by the us-east-1 connectivity issue"

Aurora translates these queries into the appropriate cloud-specific commands and aggregates the results.

Simultaneous Multi-Cloud Queries

During an investigation, Aurora's agents can execute commands across multiple cloud providers in parallel. While checking AWS CloudWatch metrics, it can simultaneously query Azure Monitor and Kubernetes pod status — something a human investigator would have to do sequentially.

Dependency Graph

Aurora's Memgraph-powered infrastructure graph provides cross-cloud dependency mapping. When an AWS RDS instance goes down, Aurora automatically identifies the Azure-hosted application that depends on it and the GCP-based load balancer that routes traffic to it.

Building a Multi-Cloud Incident Playbook

Map your cross-cloud dependencies: Use Aurora's infrastructure discovery or manually document how services interact across providers.
Standardize alerting: Route all alerts to a single platform with consistent severity levels.
Deploy unified investigation: Set up Aurora with connectors to all your cloud providers.
Create cross-cloud runbooks: Document investigation procedures that span providers.
Practice: Run game days that simulate multi-cloud incidents to test your team's response.
Review and improve: Use AI-generated postmortems to identify patterns in cross-cloud incidents.

Getting Started

git clone https://github.com/Arvo-AI/aurora.git
cd aurora
make init
make prod-prebuilt

Configure your cloud providers in Aurora's settings, connect your monitoring tools, and the AI agent will automatically investigate incidents across all your cloud environments.

Open Source Incident Management: Why It Matters

Siddharth Singh — Mon, 30 Mar 2026 20:52:37 +0000

Key Takeaway: Open source incident management tools like Aurora give SRE teams full data sovereignty, no vendor lock-in, and zero licensing costs. With enterprise platforms charging $1,500-$5,000+/month, self-hosted open source alternatives are gaining traction — especially for teams that need to audit how AI investigates their production infrastructure.

Open source has transformed every layer of the DevOps stack. Kubernetes orchestrates containers. Terraform manages infrastructure. Prometheus monitors metrics. Grafana visualizes data. According to the 2024 Open Source Security and Risk Analysis Report, 96% of commercial codebases contain open source components. Yet incident management — the critical process of detecting, investigating, and resolving outages — has remained largely proprietary.

This is changing. SRE teams are increasingly demanding open source alternatives to expensive, opaque incident management platforms. The reasons are practical: data sovereignty, customization, cost efficiency, and avoiding vendor lock-in.

Why Open Source for Incident Management?

Data Sovereignty

Incident data is some of the most sensitive information in your organization. It contains infrastructure details, service architectures, failure modes, and sometimes customer impact data. With a proprietary SaaS platform, this data lives on someone else's servers.

Open source, self-hosted incident management keeps your data in your environment. You control storage, access, retention, and encryption.

No Vendor Lock-In

Proprietary platforms create deep dependencies. Your runbooks, postmortem history, incident workflows, and integrations are locked into one vendor's ecosystem. Switching costs are enormous.

Open source gives you freedom. If the project goes in a direction you don't like, you can fork it. If you outgrow it, your data is yours to migrate.

Cost Efficiency

Enterprise incident management platforms charge $1,500-$5,000+ per month. For a growing team, this adds up fast — especially when you factor in per-seat and per-incident pricing models.

Self-hosted open source tools eliminate these costs. Your expenses are infrastructure (servers, storage) and LLM API usage if the tool uses AI.

Customization

Every organization's incident process is unique. Open source lets you modify investigation workflows, add custom integrations, and build tools specific to your infrastructure. No waiting for a vendor to add a feature to their roadmap.

Transparency

When an AI tool is investigating your production infrastructure, you need to understand exactly what it's doing. Open source means full visibility into the codebase — you can audit every decision the AI makes.

"If an AI agent is running kubectl commands on your production cluster, you should be able to read every line of code that decides what it runs. That's why we made Aurora open source." — Noah Casarotto-Dinning, CEO at Arvo AI

Top Open Source Incident Management Tools

Aurora by Arvo AI

Aurora is an AI-powered agentic incident management and RCA platform. Unlike workflow-focused tools, Aurora uses LangGraph-orchestrated LLM agents to autonomously investigate incidents.

Key features:

Agentic AI investigation across AWS, Azure, GCP, OVH, Scaleway, and Kubernetes
22+ tool integrations (PagerDuty, Datadog, Grafana, Slack, GitHub, Confluence)
Infrastructure dependency graph (Memgraph)
Knowledge base with vector search (Weaviate)
Terraform/IaC analysis
Automatic postmortem generation
Any LLM provider (OpenAI, Anthropic, Google, Ollama)
Apache 2.0 license

Deploy:

git clone https://github.com/Arvo-AI/aurora.git
cd aurora
make init
make prod-prebuilt

Grafana OnCall

An open source on-call management tool from Grafana Labs. Focuses on alert routing, escalation, and scheduling rather than investigation.

Best for: Teams already using the Grafana stack who need on-call scheduling and alert routing.

Keep

An open source alert management platform that aggregates alerts from multiple sources and provides deduplication and correlation.

Best for: Teams drowning in alerts who need better aggregation and noise reduction.

PagerDuty Community Edition (Limited)

PagerDuty offers limited open source tooling around their ecosystem but the core platform is proprietary.

Aurora Deep Dive

What makes Aurora unique in the open source space is its agentic approach. Here's what that means in practice:

Self-Hosted Architecture

Aurora runs entirely in your environment via Docker Compose or Helm chart:

Backend: Python with LangGraph for agent orchestration
Frontend: Next.js dashboard for incident visualization
Graph Database: Memgraph for infrastructure dependency mapping
Vector Store: Weaviate for knowledge base search
Secrets Management: HashiCorp Vault for secure credential storage
Web Search: Self-hosted SearXNG for searching external documentation

LLM Provider Flexibility

Aurora doesn't lock you into a single AI provider:

OpenAI: GPT-4 and newer models
Anthropic: Claude models
Google: Gemini models
Ollama: Run any open source model locally (Llama, Mistral, etc.)

This means you can run Aurora completely air-gapped with local models if your security requirements demand it.

Sandboxed Execution

When Aurora's agents need to run infrastructure commands, they execute in sandboxed Kubernetes pods. This means the AI can run kubectl, aws, az, and gcloud commands safely without risking your production environment.

Getting Started with Aurora

# Clone the repository
git clone https://github.com/Arvo-AI/aurora.git
cd aurora

# Initialize configuration
make init

# Start with pre-built images
make prod-prebuilt

For Kubernetes deployment, Aurora provides Helm charts:

helm install aurora ./helm/aurora

Configure your cloud providers, connect your monitoring tools, and Aurora begins investigating incidents automatically.

Originally published at arvoai.ca

Root Cause Analysis: The Complete Guide for SREs

Siddharth Singh — Thu, 26 Mar 2026 19:20:14 +0000

According to the 2023 DORA State of DevOps Report, elite-performing teams recover from incidents 7,200x faster than low performers — and effective root cause analysis is a key factor.

But RCA in cloud-native environments is fundamentally harder than it used to be.

A single user-facing issue might involve failing Kubernetes pods, misconfigured load balancers, overwhelmed databases, and a recent deployment — all across multiple cloud providers. Traditional manual investigation doesn't scale.

This guide covers the core RCA techniques, why they break down in cloud environments, and how AI is automating the process.

What is Root Cause Analysis?

Root cause analysis (RCA) is the systematic process of identifying the fundamental cause of an incident, outage, or system failure. Rather than treating symptoms, RCA finds and addresses the underlying issue that triggered the chain of events leading to the problem.

For SRE teams managing complex distributed systems, effective RCA is critical to preventing recurring incidents and improving system reliability.

Common RCA Techniques

The 5 Whys

The simplest and most widely used technique. Start with the problem and ask "why?" five times:

Why did the API return 500 errors? — The payment service was unreachable.
Why was the payment service unreachable? — All pods were in CrashLoopBackOff.
Why were pods crashing? — The service couldn't connect to the database.
Why couldn't it connect? — The database connection string was changed in a config update.
Why was the config changed incorrectly? — The deployment pipeline didn't validate environment variables.

Root cause: Missing environment variable validation in the CI/CD pipeline.

Fishbone Diagram (Ishikawa)

Categorizes potential causes into groups: People, Process, Technology, Environment. Useful for brainstorming sessions and incidents with multiple contributing factors.

Fault Tree Analysis

A top-down, deductive approach that maps logical relationships between events using AND/OR gates. Best for complex incidents where multiple conditions must be true simultaneously.

Timeline Analysis

Reconstructs the exact sequence of events leading to the incident. Essential for distributed systems where time correlation reveals causality.

Why RCA is Harder in Cloud-Native Environments

Cloud-native architectures introduce specific challenges:

Distributed systems — A single request might traverse dozens of microservices across multiple availability zones
Ephemeral infrastructure — Containers and serverless functions are short-lived, making post-incident investigation harder
Multi-cloud complexity — Resources spread across AWS, Azure, and GCP create fragmented observability
Configuration drift — Kubernetes manifests, Terraform, and cloud configs create a large surface area for misconfigurations
Blast radius — Dependency chains mean a single failure can cascade across your entire system

Traditional RCA assumes you can inspect the failed system after the fact. In cloud-native environments:

Crashed containers are replaced automatically — logs may be lost
Auto-scaling events change the infrastructure during the incident
Cloud provider APIs have rate limits that slow investigation
Cross-account, cross-region incidents require multiple sets of credentials
Kubernetes control plane issues affect cluster-wide observability

Automating RCA with AI

AI-powered RCA addresses these challenges by automating the investigation workflow.

Agent-Based Investigation

Modern AI RCA tools use autonomous agents that dynamically decide how to investigate. The agent receives an alert, decides which systems to query, executes commands to gather data, and synthesizes findings — much like an experienced SRE would.

Infrastructure Dependency Graphs

Graph databases (like Memgraph) map your entire infrastructure as a dependency graph. When an incident occurs, the AI traverses this graph to identify blast radius, find upstream causes, and understand cascade effects.

Knowledge Base Search

Vector search (RAG) over your organization's runbooks, past postmortems, and documentation gives the AI context that would otherwise only exist in senior engineers' heads.

Automated Postmortem Generation

Instead of spending hours writing postmortems, AI tools generate structured documents including:

Incident timeline with exact timestamps
Root cause identification with evidence
Impact assessment (affected services, users, duration)
Remediation steps taken and recommended
Action items for prevention

Best Practices for Effective RCA

"The most common RCA mistake is stopping at the first cause you find. Production incidents almost always have multiple contributing factors — a config change, a missing alert, and a deployment pipeline gap working together." — Noah Casarotto-Dinning, CEO at Arvo AI

According to a Verica Open Incident Database (VOID) analysis, the median incident involves 3.5 contributing factors, and incidents with 5+ contributing factors take 3x longer to resolve.

Start immediately — Begin RCA while the incident is fresh. Don't wait until next sprint planning.
Blameless culture — Focus on systems and processes, not individuals.
Preserve evidence — Capture logs, metrics, and configurations before auto-scaling destroys them.
Look for contributing factors — Most incidents have multiple causes. Don't stop at the first one.
Track action items — An RCA without follow-through is just documentation.
Automate where possible — Use AI tools to handle the repetitive parts so your team can focus on systemic insights.

How Aurora Automates RCA

Aurora is an open-source AI agent that automates root cause analysis for SRE teams:

Alert triggers investigation — A webhook from PagerDuty, Datadog, or Grafana starts the process
Agent formulates questions — The AI determines what to investigate based on alert context
Tool selection and execution — From 30+ tools, the agent runs kubectl commands, queries CloudWatch, checks recent Git commits
Dependency graph traversal — Memgraph-powered infrastructure graph identifies blast radius
Knowledge base search — Weaviate vector search finds relevant runbooks and past incidents
Root cause synthesis — Evidence from all sources synthesized into a structured RCA
Postmortem generation — Detailed postmortem generated and exportable to Confluence

Aurora supports AWS, Azure, GCP, OVH, Scaleway, and Kubernetes. It's open source (Apache 2.0) and can be self-hosted with any LLM provider.

  git clone https://github.com/Arvo-AI/aurora.git
  cd aurora                                                                                                                
  make init && make prod-prebuilt

Originally published at https://www.arvoai.ca/blog/root-cause-analysis-complete-guide-sres by https://www.arvoai.ca/

Aurora vs Traditional Incident Management Tools: An Honest Comparison

Siddharth Singh — Mon, 23 Mar 2026 18:52:15 +0000

The incident management market is projected to reach $5.6 billion by 2028. But not all incident management tools solve the same problem.

Traditional platforms like Rootly, FireHydrant, and incident.io focus on workflow automation — automating Slack channels, status pages, and runbook execution. A new category of agentic tools is emerging that automates the investigation itself.

This guide provides an honest comparison to help you choose the right approach for your team.

The Core Difference

Workflow automation:

An incident fires → tool creates a Slack channel → pages the on-call → runs a predefined runbook → generates a status page update
Humans still investigate the root cause

Agentic investigation (Aurora):

An incident fires → AI agent autonomously queries your infrastructure → runs CLI commands in sandboxed pods → searches your knowledge base → delivers a root cause analysis
The AI investigates. Humans review and remediate.

"We evaluated Rootly and FireHydrant but chose Aurora because we needed AI that actually investigates, not just routes alerts to
Slack. The open-source model meant we could audit exactly what the AI was doing on our infrastructure." — Early Aurora adopter

Feature Comparison

Approach:

Aurora: Agentic AI investigation
Rootly: Workflow automation
FireHydrant: Workflow automation
incident.io: Workflow automation
Shoreline: Runbook automation (acquired by NVIDIA)

AI Root Cause Analysis:

Aurora: Autonomous multi-step investigation
Rootly: AI summaries
FireHydrant: AI summaries
incident.io: AI summaries

Cloud Providers:

Aurora: AWS, Azure, GCP, OVH, Scaleway natively
Others: Via integrations only

Infrastructure Execution:

Aurora: CLI commands in sandboxed pods
Others: No direct infrastructure execution

Knowledge Base (RAG):

Aurora: Vector search over runbooks and postmortems
Others: None

Infrastructure Graph:

Aurora: Memgraph dependency mapping
Others: None (Shoreline had resource topology)

Open Source:

Aurora: Yes (Apache 2.0)
All others: No

Self-Hosted:

Aurora: Yes (Docker, Helm)
All others: No

LLM Provider:

Aurora: Any (OpenAI, Anthropic, Google, Ollama)
Others: Fixed/locked

Pricing:

Aurora: Free (self-hosted)
Rootly: ~$2,000/mo
FireHydrant: ~$1,500/mo
incident.io: Custom
Shoreline: N/A (acquired)

Integrations:

Aurora: 22+ tools
Rootly: 50+ tools
FireHydrant: 40+ tools
incident.io: 30+ tools

When to Choose Aurora

Aurora is the best fit when:

You want AI that investigates, not just summarizes. Aurora's agents autonomously query infrastructure, run commands, and correlate data across systems.
You run multi-cloud. Native support for AWS, Azure, GCP, OVH, Scaleway, and Kubernetes — not just API integrations.
You need open source. When an AI agent runs kubectl on your production cluster, you should be able to read every line of code.
You want LLM flexibility. Choose any provider, or run local models via Ollama for air-gapped environments.
Cost matters. No per-seat or per-incident pricing. Self-hosted is free.

When to Choose Traditional Tools Rootly, FireHydrant, or incident.io may be better when:

Process orchestration is the priority. Your main need is automating Slack channels, status pages, and stakeholder communication.
You need a larger ecosystem. 50+ integrations out of the box.
You prefer managed SaaS. No infrastructure to maintain.
You have established workflows. Your team has mature processes and just needs tooling to automate them.

The Open Source Advantage Aurora's Apache 2.0 license means:

No vendor lock-in — deploy on your infrastructure, use your LLM provider, keep your data
Full transparency — audit exactly how the AI investigates your incidents
Community-driven — contribute integrations, tools, and improvements
Cost efficiency — no per-seat pricing, self-hosted is free
Customization — modify investigation workflows, add custom tools

Getting Started

Try Aurora alongside your existing tooling — it complements rather than replaces workflow platforms:

  git clone https://github.com/Arvo-AI/aurora.git
  cd aurora
  make init
  make prod-prebuilt

Aurora can receive webhooks from PagerDuty, Datadog, and Grafana, running AI-powered investigations in the background while your existing incident process continues.

Originally published at https://www.arvoai.ca/blog/aurora-vs-traditional-incident-management-tools by https://www.arvoai.ca/

What is Agentic Incident Management? The End of 3 AM War Rooms

Siddharth Singh — Fri, 20 Mar 2026 22:17:33 +0000

How autonomous AI agents are replacing manual incident investigation for SRE teams.

Your on-call engineer gets paged at 3 AM.

They open their laptop. Check PagerDuty. Open CloudWatch. Switch to kubectl. Open Grafana. Check the deployment history in GitHub.
Search Slack for context from the last time this happened.

45 minutes later, they've found the root cause: a misconfigured environment variable in the latest deployment broke the database connection string.

The investigation itself was the bottleneck — not the fix.

This is the reality for most SRE teams. And it's the problem agentic incident management was built to solve.

So What Exactly is Agentic Incident Management?

Agentic incident management is an approach where autonomous AI agents investigate, diagnose, and help resolve cloud infrastructure incidents without step-by-step human direction.

Unlike traditional runbook automation that follows predefined scripts, agentic systems use large language models (LLMs) to dynamically decide which tools to use, what data to gather, and how to synthesize findings into actionable root cause analyses.

The key word is autonomous. The AI doesn't wait for instructions. It investigates.

How It's Different from What You're Using Now

Most incident management tools today — Rootly, FireHydrant, incident.io — focus on workflow automation. They're excellent at:

Creating a Slack channel when an incident fires
Paging the right on-call engineer
Running predefined runbooks
Generating status page updates

But they don't investigate the incident. A human still has to do that.

Agentic incident management automates the investigation itself:

Traditional approach:

Response: Human receives alert, starts manual investigation
Tool usage: Engineer manually queries each system
Knowledge: Depends on who's on call
Speed: 30–60 minutes for initial diagnosis
Documentation: Written after resolution (often days later)

Agentic approach:

Response: AI agent automatically triggered by webhook
Tool usage: Agent dynamically selects and chains 30+ tools
Knowledge: Searches entire knowledge base via RAG
Speed: Minutes for comprehensive analysis
Documentation: Auto-generated postmortem during investigation

How It Actually Works

Here's the workflow when a monitoring tool fires an alert:

Alert ingestion → A webhook from PagerDuty, Datadog, or Grafana triggers the AI agent.
Dynamic tool selection → The agent evaluates the alert context and autonomously selects from 30+ tools — querying Kubernetes clusters, running cloud CLI commands, searching logs, checking recent deployments.
Multi-step investigation → The agent conducts multi-step reasoning. It might check pod status in Kubernetes, trace the issue to a misconfigured deployment, then verify by examining the Terraform state.
Knowledge base search → Vector search (RAG) over your organization's runbooks, past postmortems, and documentation surfaces relevant historical context.
Root cause synthesis → The agent synthesizes findings into a structured root cause analysis with timeline, impact assessment, and remediation recommendations.
Postmortem generation → A detailed postmortem is automatically generated and can be exported to Confluence.

No human had to initiate any of these steps.

Why This Matters Now

Three trends are making manual incident investigation unsustainable:

Alert fatigue is real. SRE teams handle hundreds of alerts daily.
Most are noise, but each one requires triage. Agentic systems handle this automatically, escalating only when human judgment is needed.

Multi-cloud is the norm. Organizations use 3+ cloud providers on average.
Correlating incidents across AWS, Azure, and GCP manually — with different CLIs, different consoles, different authentication — doesn't scale.

Knowledge walks out the door. When your most experienced SRE goes on vacation, their investigation knowledge goes with them. Agentic systems with knowledge base RAG always have access to your team's collective expertise.

According to Gartner, by 2026, 30% of enterprises will adopt AI-augmented practices in IT service management — up from less than 5% in 2023.

What About Limitations?

Agentic incident management is powerful but not a silver bullet:

Complex systemic issues still require human judgment — AI agents excel at data gathering and correlation but may miss organizational or process-level root causes
Initial setup requires configuring cloud connectors, knowledge base ingestion, and permissions
LLM costs scale with investigation depth, though local models can mitigate this
Nascent ecosystem — best practices are still emerging

The goal isn't to replace on-call engineers. It's to give them a head start. When a human opens their laptop at 3 AM, the AI has already gathered the context, correlated the data, and narrowed down the root cause.

We Built an Open Source Version

We built Aurora because we believe incident investigation tooling should be transparent, self-hosted, and free.

Aurora is an open-source (Apache 2.0) agentic incident management platform that uses LangGraph-orchestrated LLM agents to investigate incidents across AWS, Azure, GCP, OVH, Scaleway, and Kubernetes.

What makes it different:

Open source — audit every line of code the AI runs on your infrastructure
Self-hosted — your incident data never leaves your environment
Any LLM — OpenAI, Anthropic, Google, or local models via Ollama
22+ integrations — PagerDuty, Datadog, Grafana, Slack, GitHub, Confluence
Free — no per-seat or per-incident pricing

Get started in 3 commands:

  git clone https://github.com/Arvo-AI/aurora.git
  cd aurora
  make init && make prod-prebuilt

Originally published at https://www.arvoai.ca/blog/what-is-agentic-incident-management

DEV Community: Siddharth Singh

Top 10 AIOps Platforms Offering Free Root Cause Analysis in 2026

Quick Comparison

1. Aurora by Arvo AI

2. Dynatrace

3. Datadog

4. New Relic

5. OpenObserve

6. Splunk ITSI

7. Grafana Cloud

8. Metoro

9. BigPanda

10. PagerDuty

How to Choose the Right Platform

Key Features to Look For

incident.io Alternative: Open Source AI Incident Management

What is incident.io?

What is Aurora?

How They Compare

AI Investigation

Key Difference

On-Call & Alerting

Incident Coordination

Feature Comparison

Pricing

Open Source vs SaaS

When to Choose incident.io

When to Choose Aurora

Using incident.io + Aurora Together

Limitations of Aurora

Getting Started with Aurora

FireHydrant Alternative: Open Source AI Incident Management

What is FireHydrant?

What is Aurora?

How They Compare

AI Capabilities

Incident Response & Coordination

On-Call & Alerting

Feature Comparison

Pricing

The Freshworks Acquisition Factor

When to Choose FireHydrant

When to Choose Aurora

Limitations of Aurora

Getting Started with Aurora

Resolve.ai Alternative: Open Source AI for Incident Investigation

What is Resolve.ai?

What is Aurora?

How They Compare

AI Investigation Approach

Cloud & Infrastructure

Integrations

Knowledge & Learning

Code Fixes & Remediation

Feature Comparison

Pricing

Open Source vs Enterprise SaaS

When to Choose Resolve.ai

When to Choose Aurora

Getting Started with Aurora

Further Reading

Rootly Alternative: Open Source AI Incident Management

What is Rootly?

What is Aurora?

How They Compare

Incident Response & Coordination

On-Call Management

AI Investigation

Knowledge Base

Postmortems

Feature Comparison

Pricing

Open Source vs SaaS

When to Choose Rootly

When to Choose Aurora

Using Rootly + Aurora Together

Getting Started with Aurora

Further Reading

PagerDuty Alternative for Root Cause Analysis: Why SRE Teams Are Adding AI Investigation

PagerDuty vs Aurora: Different Tools, Different Jobs