ahshtio / backlog

The broad functionality that should be implemented across the ahsht stack.

Publication: Comparison of incident response workflows #5

Open andrewhowdencom opened 4 years ago

andrewhowdencom commented 4 years ago

A comparison of the different IR workflows with an opinionated default and tests against previous incidents.

See:

  1. Reconstruct timeline
  2. Look for deviations from existing models
  3. Look for broader patterns in limiting or reducing failure
     3a. bulkheading failure (by feature or traffic percentage)
     3b. advertising failure behaviours to clients
     3c. degrade to cached content (hard for write clients)
  n. propagate knowledge (or mark as evidence for tooling?)
  n+n. pattern match post mortems; look for common terms or so.

tests