The Problem
Post-incident investigations are slow, manual, and depend on institutional knowledge that walks out the door. Root cause analysis is inconsistent. Recurring incidents share the same root cause with different symptoms.
What It Does
Feed it a production incident. Returns:
- 5-Why trace
- Impacted symbol and dependency graph
- Historical pattern matches against prior incidents
- Structured remediation brief
Try It
activate nablr
Set agent to forensic_engineer. [describe the incident]
Always provide context upfront — the more specific, the faster the RCA:
Set agent to forensic_engineer. The payment API returns 500 errors when the cart contains more than 10 items. Started after yesterday's deploy.
Then proceed to fix:
Set agent to strategist
Set agent to developer. Implement the approved fix
Expected Output
nablr-reports/forensic_engineer/rca_*.md — 5-Why trace + root cause
- Impacted symbol graph
- Remediation brief with recommended fix
- Regression test to prevent recurrence
Who This Is For
- SRE and platform teams
- On-call engineers
- Engineering managers running post-mortems
- Any organization where incident resolution time directly affects revenue or SLA
Paste the error message, stack trace, or log snippet directly into the prompt. ForensicsIQ uses concrete evidence, not guesses.