Submission type
Coded Agent with UiPath SDK
Name
Talbot: Multi-Agent Intelligence System for Network Support Operations
Industry category in which use case would best fit in (Select up to 2 industries)
Operations
Complexity level
Advanced
Summary (abstract)
Talbot is an intelligent multi-agent system built with UiPath SDK that autonomously resolves Cato Networks client support tickets by orchestrating specialized agents across multiple internal systems. The system uses an Analyzer Agent to extract critical entities (POPs, Sockets, Locations) from Zendesk tickets, a Planning Agent to create data-gathering strategies, and specialized agents (CMA, Grafana, Hub) that leverage Amazon Bedrock’s RAG system and Code Interpreter to dynamically generate system-specific queries. API documentation is stored in Bedrock Knowledge Base, enabling zero-code-change adaptation to API updates. A Response Crafter Agent synthesizes findings into comprehensive client responses. The entire workflow is triggered via UiPath integration with Zendesk, automating what previously required manual investigation across disconnected systems. Target: 20% reduction in T1 ticket response time through intelligent multi-system orchestration and dynamic query generation.
Detailed problem statement
Cato Networks support operations face three critical challenges as client adoption scales:
EXPONENTIAL TICKET VOLUME GROWTH
As Cato Networks expands its SASE (Secure Access Service Edge) platform globally, support ticket volume continues to increase exponentially. Support engineers receive hundreds of client tickets daily through Zendesk covering network connectivity issues, configuration problems, performance degradation, security incidents, and system monitoring alerts. The current manual triage and investigation process cannot scale with client growth, creating longer response times and customer dissatisfaction.
INFORMATION SCATTERED ACROSS DISCONNECTED SYSTEMS
Resolving a single ticket requires support engineers to manually gather contextual data from multiple specialized systems:
CMA (Cato Management Application): Client configurations, site topology, device status, policy settings, account information
Grafana: Real-time and historical metrics on POPs (Points of Presence), network performance, traffic patterns, latency measurements, throughput statistics
Hub: Internal system documentation, known issues database, troubleshooting runbooks, escalation procedures
Engineers waste 40-60% of their time context-switching between systems, copying data, and manually correlating information. Critical data is often missed because engineers don’t know which system to check or what entities to investigate. There’s no intelligent layer to automatically identify relevant entities and orchestrate data gathering across systems.
MANUAL ENTITY EXTRACTION AND CORRELATION
Each ticket contains multiple entities that require investigation: specific POPs (network edge locations), Sockets (customer sites), Locations (branch offices), device IDs, account names, and IP addresses. Engineers must manually:
Read through lengthy ticket descriptions to identify entities
Determine which entities are critical vs. peripheral
Query each system individually for each entity
Correlate data points across systems to identify root causes
Synthesize findings into coherent client responses
This manual process adds 15-30 minutes per ticket and introduces human error, inconsistent investigation depth, and knowledge gaps when less experienced engineers handle complex tickets.
NO STANDARDIZED INVESTIGATION FRAMEWORK
Different engineers use different investigation approaches, leading to:
Inconsistent data gathering (some engineers check all systems, others skip critical sources)
Varying response quality and completeness
Knowledge silos (senior engineers have mental models of system relationships that junior engineers lack)
No audit trail of what data was checked during investigation
Difficulty training new support engineers on optimal investigation workflows
BUSINESS IMPACT:
Average T1 ticket response time: 45-60 minutes
30% of tickets require follow-up investigation due to incomplete initial data gathering
Client satisfaction scores declining as response times increase with volume
Engineer burnout from repetitive manual data gathering tasks
Scaling support team linearly with ticket growth is cost-prohibitive
Detailed solution
Talbot is an intelligent multi-agent orchestration system that automates the entire ticket investigation and response workflow through specialized AI agents and UiPath integration.
ARCHITECTURE OVERVIEW
TRIGGER LAYER (UiPath Workflow)
UiPath workflow monitors Zendesk for new client tickets
Extracts ticket content, metadata, priority, and client information
Initiates Talbot multi-agent system via API call
Posts final responses back to Zendesk with proper formatting and attachments
AGENT LAYER (Multi-Agent System)
ANALYZER AGENT (Entity Extraction & Prioritization)
Receives complete ticket content and metadata
Uses LLM reasoning to identify and extract critical entities:
POPs (Points of Presence) - network edge locations mentioned or implied
Sockets - customer site connections
Locations - branch offices, data centers
Device IDs, account names, IP addresses, policy names
Prioritizes entities by relevance to the reported issue
Outputs structured entity list with priority rankings
Example: Ticket mentions “connectivity issues at San Francisco office” → Analyzer extracts: [Socket: “SF-Branch-01”, POP: “US-West-1”, Location: “San Francisco HQ”, Priority: High]
PLANNING AGENT (Investigation Strategy & Orchestration)
Receives analyzer output, ticket content, and available specialized agents
Creates an intelligent investigation plan:
Determines which specialized agents to invoke (CMA, Grafana, Hub)
Specifies which entities to investigate in each system
Defines data dependencies (e.g., get account details from CMA before querying Grafana metrics)
Assigns priority order for parallel vs. sequential agent execution
Identifies missing information and formulates clarifying questions for clients if needed
Outputs structured execution plan with agent assignments
Example Plan:
Step 1: CMA Agent → Get Socket “SF-Branch-01” configuration, device status, recent changes
Step 2: Grafana Agent → Pull POP “US-West-1” metrics for last 24 hours, latency to SF-Branch-01
Step 3: Hub Agent → Search known issues for “Socket connectivity + US-West-1”
Step 4: Response Crafter → Synthesize findings into client response
SPECIALIZED AGENTS (System-Specific Data Gathering)
CMA AGENT:
Connects to Cato Management Application APIs
Retrieves client-specific configurations:
Account settings and subscription details
Site topology and device inventory
Socket status, health metrics, configuration history
Recent policy changes or administrative actions
User access logs and authentication events
Returns structured JSON with relevant data points
GRAFANA AGENT:
Queries Grafana dashboards and PromQL/Loki APIs
Collects network performance metrics:
POP health status and capacity utilization
Latency measurements between POPs and Sockets
Traffic throughput, packet loss, jitter statistics
Historical trends and anomaly detection
Alert history for specified entities
Identifies performance degradation patterns
HUB AGENT:
Searches internal knowledge base and documentation
Retrieves:
Known issues and bug reports matching ticket symptoms
Troubleshooting runbooks for similar scenarios
Internal technical documentation
Escalation procedures and workarounds
Previous ticket resolutions with similar entity patterns
RESPONSE CRAFTER AGENT (Synthesis & Client Communication)
Receives data from all specialized agents
Analyzes findings to identify root causes and patterns
Synthesizes information into coherent client response:
Executive summary of findings
Detailed analysis with supporting data
Root cause explanation (if identified)
Resolution steps or workarounds
Escalation recommendation if needed
Formats response with proper Zendesk markdown, data tables, and links
Generates confidence score for response quality
INTEGRATION LAYER
UiPath workflow posts Response Crafter output back to Zendesk ticket
Includes all supporting data as ticket comments or attachments
Updates ticket status, priority, and tags based on findings
Logs complete investigation audit trail for compliance
FUTURE ENHANCEMENT: Human-in-the-Loop Validation
Low-confidence responses (<70%) will trigger Action Center workflow
Support engineer reviews agent findings and response before posting
Engineer feedback trains and improves agent accuracy over time
KEY INNOVATIONS
Multi-Agent Orchestration: Unlike single-agent systems, Talbot uses specialized agents that mirror how experienced engineers investigate tickets - systematically gathering data from each relevant system
Intelligent Entity Extraction: LLM-based analyzer identifies not just explicitly mentioned entities, but also infers implicit entities from context (e.g., “West Coast latency issues” → identifies all US-West POPs)
Dynamic Planning: Planning Agent adapts investigation strategy based on ticket type, available data, and entity relationships rather than following fixed workflows
Cross-System Correlation: Automatically correlates findings across CMA, Grafana, and Hub to identify patterns that manual investigation might miss
Structured Knowledge Synthesis: Response Crafter produces standardized, high-quality responses that match senior engineer quality regardless of complexity
WORKFLOW EXAMPLE
Scenario: Client reports “Slow VPN performance from Chicago office”
Trigger: UiPath detects new Zendesk ticket, extracts content
Analyzer: Identifies entities → [Socket: “CHI-Office-Main”, POP: “US-Central-1”, Location: “Chicago HQ”]
Planning: Creates plan:
CMA Agent: Get CHI-Office-Main config, bandwidth allocation, recent changes
Grafana Agent: Pull US-Central-1 metrics, latency to Chicago, bandwidth usage
Hub Agent: Search for “slow performance + Chicago + VPN”
Specialized Agents Execute:
CMA: Returns that bandwidth was reduced from 500Mbps to 100Mbps yesterday
Grafana: Shows US-Central-1 POP is healthy, but Socket bandwidth maxed at 100Mbps since yesterday
Hub: Finds similar tickets resolved by restoring bandwidth allocation
Response Crafter: Synthesizes findings:
Root Cause: Bandwidth allocation for CHI-Office-Main Socket was reduced from 500Mbps to 100Mbps on [date] due to subscription tier change. The Socket is now consistently hitting the 100Mbps limit during business hours, causing VPN performance degradation.
Resolution: We recommend either:
Upgrade to higher bandwidth tier
Implement QoS policies to prioritize critical traffic
I’ve attached your current usage statistics showing peak utilization of 98% during 9AM-5PM.
UiPath Posts: Response appears in Zendesk ticket within 2-3 minutes of ticket creation
TECHNICAL IMPLEMENTATION
Framework: UiPath SDK with custom LangGraph orchestration
LLM: Claude Sonnet 3.5 for reasoning and entity extraction
RAG System: Amazon Bedrock Knowledge Base for API documentation retrieval
Code Generation: Amazon Bedrock Code Interpreter for dynamic query generation
APIs: Zendesk REST API, CMA internal APIs, Grafana API, Hub search API
Data Format: JSON schemas for inter-agent communication
Monitoring: UiPath Orchestrator for workflow tracking and agent performance metrics
Narrated video link (sample: https://bit.ly/4pvuNEL)
Expected impact of this automation
QUANTIFIED BENEFITS
RESPONSE TIME REDUCTION
Current State: Average T1 ticket response time = 45-60 minutes
Target State: 20% reduction = 36-48 minutes average
Mechanism: Talbot eliminates 10-15 minutes of manual data gathering per ticket by parallelizing queries across CMA, Grafana, and Hub
EFFICIENCY GAINS
Engineer Time Saved: 40-60% of investigation time (data gathering) automated
Monthly Impact: Assuming 1,000 T1 tickets/month, saving 15 min/ticket = 250 hours/month = 6.25 FTE weeks freed for complex issues
Consistency: 100% of tickets receive standardized investigation depth vs. 60-70% currently
QUALITY IMPROVEMENTS
First-Contact Resolution: Expected increase from 45% to 60% through comprehensive automated data gathering
Reduced Follow-ups: 30% of tickets currently require additional investigation; target reduction to 15% through complete initial analysis
Knowledge Capture: Every investigation creates structured audit trail for future reference and training
SCALABILITY
Cost Avoidance: Support team can handle 30-40% more ticket volume without headcount increase
Growth Enablement: Support capacity scales with automation rather than linear hiring
Onboarding: New engineers productive faster using Talbot’s standardized investigation framework
CLIENT SATISFACTION
Faster Responses: 20% reduction in response time directly improves CSAT scores
Better Quality: Comprehensive investigation reduces “we need more info” responses
Transparency: Clients receive detailed analysis with supporting data vs. vague troubleshooting steps
MEASURABLE KPIS
Average T1 Ticket Response Time: 45-60 min → 36-48 min (20% reduction)
% Tickets with Complete First Response: 45% → 60%
Engineer Hours Saved per Month: 250+ hours
Tickets Handled per Engineer per Day: 15 → 20-22 (+30-45%)
Follow-up Investigation Rate: 30% → 15%
Client CSAT Score: Baseline +10-15 points
LONG-TERM STRATEGIC VALUE
Knowledge Base: Structured investigation data trains future ML models for predictive issue detection
Pattern Recognition: Cross-ticket analysis identifies systemic issues vs. isolated incidents
Proactive Support: Grafana metric anomalies trigger preemptive tickets before clients report issues
Competitive Advantage: Cato Networks differentiates on support quality and response speed
UiPath products used (select up to 4 items)
UiPath Orchestrator
Automation Applications
UiPath Coded Agent, Orchestrator, integration Services, Zendesk
Integration with external technologies
AWS Bedrock, AWS Agent core
Hi there, 
Nov 5–16: Jury evaluation by 
Nov 17: Winners announced 
.
,