Deployed 23a9056
with MkDocs version: 0.16.1
477
404.html
Normal file
@ -0,0 +1,477 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
<meta name="description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work.">
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="/assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="/assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="/assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="" />
|
||||||
|
<meta property="og:title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('/assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('/assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('/assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('/assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('/assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="/assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="/assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="/assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="/assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="/assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="">
|
||||||
|
Incident Response
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="/assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="/oncall/being_oncall">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="/oncall/alerting_principles">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="/before/severity_levels">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="/before/different_roles">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="/before/call_etiquette">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="/during/during_an_incident">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="/during/security_incident_response">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="/after/post_mortem_process">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="/after/post_mortem_template">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="/training/overview">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="/training/team_leader">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="/training/sysadmin">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="/training/scribe">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="/training/subject_matter_expert">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="/training/glossary">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="/about">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Spearhead Systems Incident Response Documentation</h1>
|
||||||
|
|
||||||
|
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
|
||||||
|
<section id="error">
|
||||||
|
<h1>Sorry! We couldn't find that page.</h1>
|
||||||
|
<p>Looks like our well-trained server monkeys dropped the ball. Rest assured they will be dealt with. In the meantime, you probably want to <a href="/">head home</a>.
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="/assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
547
about/index.html
Normal file
@ -0,0 +1,547 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>About - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/about/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/about/" />
|
||||||
|
<meta property="og:title" content="About - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="About - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
About
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="About" href="./">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="What is this?" href="#what-is-this">
|
||||||
|
What is this?
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Who is this for?" href="#who-is-this-for">
|
||||||
|
Who is this for?
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Why do I need it?" href="#why-do-i-need-it">
|
||||||
|
Why do I need it?
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="What is covered?" href="#what-is-covered">
|
||||||
|
What is covered?
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="What is missing?" href="#what-is-missing">
|
||||||
|
What is missing?
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="License" href="#license">
|
||||||
|
License
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>About</h1>
|
||||||
|
|
||||||
|
<p>This site documents parts of the Spearhead Systems Issue Response process. It is a cut-down version of our internal documentation, used at Spearhead Systems for any incident or service request, and to prepare new employees for on-call responsibilities. It provides information not only on preparation but also what to do during and after.</p>
|
||||||
|
<p>This documentation is complementary to what is available in our <a href="https://sphsys.sharepoint.com">existing wiki</a>.</p>
|
||||||
|
<h2 id="what-is-this">What is this?<a class="headerlink" href="#what-is-this" title="Permanent link">#</a></h2>
|
||||||
|
<p>A collection of pages detailing how to efficiently deal with any incident or service request that might arise, along with information on how to go on-call effectively. It provides lessons learned the hard way, along with training material for getting you up to speed quickly.</p>
|
||||||
|
<h2 id="who-is-this-for">Who is this for?<a class="headerlink" href="#who-is-this-for" title="Permanent link">#</a></h2>
|
||||||
|
<p>It is intended for on-call practitioners and those involved in an operational incident or service request response process, or those wishing to enact a formal incident response process. Specifically this is for all of our Technical Support staff.</p>
|
||||||
|
<h2 id="why-do-i-need-it">Why do I need it?<a class="headerlink" href="#why-do-i-need-it" title="Permanent link">#</a></h2>
|
||||||
|
<p>As a service provider Spearhead Systems deals with service requests on a daily basis. The reason we exist is to deliver a service which in most cases boils down to incidents and service requests. We want to deliver a smooth and seamless experience for resolving our customers issues therefore this documentation is a guideline for how we handle these requests. This documentation will allow you give you a head start on how to deal with issues in a way which leads to the fastest possible recovery time.</p>
|
||||||
|
<h2 id="what-is-covered">What is covered?<a class="headerlink" href="#what-is-covered" title="Permanent link">#</a></h2>
|
||||||
|
<p>Anything from preparing to <a href="../oncall/being_oncall/">go on-call</a>, definitions of <a href="../before/severity_levels/">severities</a>, incident <a href="../before/call_etiquette/">call etiquette</a>, all the way to how to run a <a href="../after/post_mortem_process/">post-mortem</a>, providing a <a href="../after/post_mortem_template/">post-mortem template</a> and even a <a href="../during/security_incident_response/">security incident response process</a>.</p>
|
||||||
|
<h2 id="what-is-missing">What is missing?<a class="headerlink" href="#what-is-missing" title="Permanent link">#</a></h2>
|
||||||
|
<p>Lots, dig in an help us complete the picture. We can migrate most processes from Sharepoint here.</p>
|
||||||
|
<h2 id="license">License<a class="headerlink" href="#license" title="Permanent link">#</a></h2>
|
||||||
|
<p>This documentation is provided under the Apache License 2.0. In plain English that means you can use and modify this documentation and use it both commercially and for private use. However, you must include any original copyright notices, and the original LICENSE file.</p>
|
||||||
|
<p>Whether you are a Spearhead Systems customer or not, we want you to have the ability to use this documentation internally at your own company. You can view the source code for all of this documentation on our GitHub account, feel free to fork the repository and use it as a base for your own internal documentation.</p>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../training/glossary/" title="Glossary">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Glossary
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
672
after/post_mortem_process/index.html
Normal file
@ -0,0 +1,672 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Post-Mortem Process - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/after/post_mortem_process/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/after/post_mortem_process/" />
|
||||||
|
<meta property="og:title" content="Post-Mortem Process - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Post-Mortem Process - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
After an Incident <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Post-Mortem Process
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Post-Mortem Process" href="./">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Owner Designation" href="#owner-designation">
|
||||||
|
Owner Designation
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Owner Responsibilities" href="#owner-responsibilities">
|
||||||
|
Owner Responsibilities
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Post-Mortem Wiki Page" href="#post-mortem-wiki-page">
|
||||||
|
Post-Mortem Wiki Page
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Post-Mortem Meeting" href="#post-mortem-meeting">
|
||||||
|
Post-Mortem Meeting
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Examples" href="#examples">
|
||||||
|
Examples
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Useful Resources" href="#useful-resources">
|
||||||
|
Useful Resources
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../../training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../../training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../../training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../../training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../../training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../../training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Post-Mortem Process</h1>
|
||||||
|
|
||||||
|
<p>For every major issue (SR/IN +major), we need to follow up with a post-mortem. A blame-free, detailed description, of exactly what went wrong in order to cause the incident, along with a list of steps to take in order to prevent a similar incident from occurring again in the future. The incident response process itself should also be included.</p>
|
||||||
|
<p><img alt="Post-Mortem" src="../../assets/img/headers/pagerduty_post_mortem.jpg" /></p>
|
||||||
|
<h2 id="owner-designation">Owner Designation<a class="headerlink" href="#owner-designation" title="Permanent link">#</a></h2>
|
||||||
|
<p>The first step is that a post-mortem owner will be designated. This is done by the TL either at the end of a major incident call, or very shortly after. You will be notified directly by the TL if you are the owner for the post-mortem. The owner is responsible for populating the post-mortem page, looking up logs, managing the followup investigation, and keeping all interested parties in the loop. Please use DoIT and Slack for coordinating followup. A detailed list of the steps is available below,</p>
|
||||||
|
<h2 id="owner-responsibilities">Owner Responsibilities<a class="headerlink" href="#owner-responsibilities" title="Permanent link">#</a></h2>
|
||||||
|
<p>As owner of a post-mortem, you are responsible for the following,</p>
|
||||||
|
<ul>
|
||||||
|
<li>Scheduling the post-mortem meeting (on a shared calendar) and inviting the relevant people (this should be scheduled within 5 business days of the incident).</li>
|
||||||
|
<li>Updating the page with all of the necessary content.</li>
|
||||||
|
<li>Investigating the incident, pulling in whomever you need from other teams to assist in the investigation.</li>
|
||||||
|
<li>Creating follow-up DoIT cards (<em>You are only responsible for creating the cards, not following them up to resolution</em>).</li>
|
||||||
|
<li>Running the post-mortem meeting (<em>these generally run themselves, but you should get people back on topic if the conversation starts to wander</em>).</li>
|
||||||
|
<li>In cases where we need a public blog post, creating & reviewing it with appropriate parties.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="post-mortem-wiki-page">Post-Mortem Wiki Page<a class="headerlink" href="#post-mortem-wiki-page" title="Permanent link">#</a></h2>
|
||||||
|
<p>Once you've been designated as the owner of a post-mortem, you should start updating the page with all the relevant information.</p>
|
||||||
|
<ol>
|
||||||
|
<li>
|
||||||
|
<p>(If not already done by the TL) Create a new post-mortem page for the incident.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Schedule a post-mortem meeting for within 5 business days of the incident. You should schedule this before filling in the page, just so it's on the calendar.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Create the meeting on the "Incident Post-Mortem Meetings" shared calendar.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Begin populating the page with all of the information you have.</p>
|
||||||
|
<ul>
|
||||||
|
<li>The timeline should be the main focus to begin with.<ul>
|
||||||
|
<li>The timeline should include important changes in status/impact, and also key actions taken by responders.</li>
|
||||||
|
<li>You should mark the start of the incident in red, and the resolution in green (for when we went into/out of SR/IN +major).</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Go through the history in DoIT and Slack to identify the responders, and add them to the page.<ul>
|
||||||
|
<li>Identify the Team Leader and Scribe in this list.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Populate the page with more detailed information.</p>
|
||||||
|
<ul>
|
||||||
|
<li>For each item in the timeline, identify a metric, or some third-party page where the data came from. This could be a link to a Check_MK graph, a logwatch search, a Tweet, etc. Anything which shows the data point you're trying to illustrate in the timeline.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Perform an analysis of the incident.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Capture all available data regarding the incident. What caused it, how many customers were affected, etc.</li>
|
||||||
|
<li>Any commands or queries you use to look up data should be posted in the page so others can see how the data was gathered.</li>
|
||||||
|
<li>Capture the impact to customers (generally in terms of event submission, delayed processing, and slow notification delivery)</li>
|
||||||
|
<li>Identify the underlying cause of the incident (What happened, and why did it happen).</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Create any followup action DoIT cards (or note down topics for discussion if we need to decide on a direction to go before creating tickets),</p>
|
||||||
|
<ul>
|
||||||
|
<li>Go through the history in DoIT, Slack to identify any TODO items.</li>
|
||||||
|
<li>Label all tickets with their severity level and date tags.</li>
|
||||||
|
<li>Any actions which can reduce re-occurrence of the incident.<ul>
|
||||||
|
<li>(There may be some trade-off here, and that's fine. Sometimes the ROI isn't worth the effort that would go into it).</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Identify any actions which can make our incident response process better.</li>
|
||||||
|
<li>Be careful with creating too many cards. Generally we only want to create things that are of top priority. Things that absolutely should be dealt with.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Write the external message that will be sent to customers. This will be reviewed during the post-mortem meeting before it is sent out.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Avoid using the word "outage" unless it really was a full outage, use the word "incident" instead. Customers generally see "outage" and assume everything was down, when in reality it was likely just some alerts delivered outside of SLA.</li>
|
||||||
|
<li>Look at other examples of previous post-mortems to see the kind of thing you should send.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h2 id="post-mortem-meeting">Post-Mortem Meeting<a class="headerlink" href="#post-mortem-meeting" title="Permanent link">#</a></h2>
|
||||||
|
<p>These meetings should generally last 15-30 minutes, and are intended to be a wrap up of the post-mortem process. We should discuss what happened, what we could've done better, and any followup actions we need to take. The goal is to suss out any disagreement on the facts, analysis, or recommended actions, and to get some wider awareness of the problems that are causing reliability issues for us.</p>
|
||||||
|
<p>You should invite the following people to the post-mortem meeting,</p>
|
||||||
|
<ul>
|
||||||
|
<li>Always<ul>
|
||||||
|
<li>The team leader.</li>
|
||||||
|
<li>Service owners involved in the incident.</li>
|
||||||
|
<li>Key engineer(s)/responders involved in the incident.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Optional<ul>
|
||||||
|
<li>Customer liaison. (Only SR/IN +major incidents)</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<p>A general agenda for the meeting would be something like,</p>
|
||||||
|
<ol>
|
||||||
|
<li>Recap the timeline, to make sure everyone agrees and is on the same page.</li>
|
||||||
|
<li>Recap important points, and any unusual items.</li>
|
||||||
|
<li>Discuss how the problem could've been caught.<ul>
|
||||||
|
<li>Did it send any weak signals?</li>
|
||||||
|
<li>Could it have been caught in tests, or loadtest environment?</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Discuss customer impact. Any comments from customers, etc.</li>
|
||||||
|
<li>Review action items that have been created, discuss if appropriate, or if more are needed, etc.</li>
|
||||||
|
</ol>
|
||||||
|
<h2 id="examples">Examples<a class="headerlink" href="#examples" title="Permanent link">#</a></h2>
|
||||||
|
<p>Here are some examples of post-mortems from other companies as a reference,</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="https://support.stripe.com/questions/outage-postmortem-2015-10-08-utc">Stripe</a></li>
|
||||||
|
<li><a href="https://blog.lastpass.com/2015/06/lastpass-security-notice.html/comment-page-2/">LastPass</a></li>
|
||||||
|
<li><a href="https://aws.amazon.com/message/5467D2/">AWS</a></li>
|
||||||
|
<li><a href="https://www.twilio.com/blog/2013/07/billing-incident-post-mortem-breakdown-analysis-and-root-cause.html">Twilio</a></li>
|
||||||
|
<li><a href="https://status.heroku.com/incidents/151">Heroku</a></li>
|
||||||
|
<li><a href="http://techblog.netflix.com/2012/10/post-mortem-of-october-222012-aws.html">Netflix</a></li>
|
||||||
|
<li><a href="https://www.gov.uk/government/publications/kyle-beck-safety-digest/near-miss-at-kyle-beck-3-august-2016">GOV.UK Rail Accident Investigation</a></li>
|
||||||
|
<li><a href="https://github.com/danluu/post-mortems">A List of Post-mortems!</a></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="useful-resources">Useful Resources<a class="headerlink" href="#useful-resources" title="Permanent link">#</a></h2>
|
||||||
|
<ul>
|
||||||
|
<li><a href="http://www.slideshare.net/jallspaw/advanced-postmortem-fu-and-human-error-101-velocity-2011">Advanced PostMortem Fu and Human Error 101 (Velocity 2011)</a></li>
|
||||||
|
<li><a href="http://fractio.nl/2015/10/30/blame-language-sharing/">Blame. Language. Sharing.</a></li>
|
||||||
|
</ul>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../../during/security_incident_response/" title="Security Incident">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Security Incident
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../post_mortem_template/" title="Post-Mortem Template">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Post-Mortem Template
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
670
after/post_mortem_template/index.html
Normal file
@ -0,0 +1,670 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Post-Mortem Template - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/after/post_mortem_template/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/after/post_mortem_template/" />
|
||||||
|
<meta property="og:title" content="Post-Mortem Template - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Post-Mortem Template - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
After an Incident <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Post-Mortem Template
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Post-Mortem Template" href="./">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Overview" href="#overview">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="What Happened" href="#what-happened">
|
||||||
|
What Happened
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Root Cause" href="#root-cause">
|
||||||
|
Root Cause
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Resolution" href="#resolution">
|
||||||
|
Resolution
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Impact" href="#impact">
|
||||||
|
Impact
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Responders" href="#responders">
|
||||||
|
Responders
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Timeline" href="#timeline">
|
||||||
|
Timeline
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="How'd We Do?" href="#howd-we-do">
|
||||||
|
How'd We Do?
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Action Items" href="#action-items">
|
||||||
|
Action Items
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Messaging" href="#messaging">
|
||||||
|
Messaging
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../../training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../../training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../../training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../../training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../../training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../../training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Post-Mortem Template</h1>
|
||||||
|
|
||||||
|
<p>This is a standard template for post-mortems. Each section describes the type of information you will want to put in that section.</p>
|
||||||
|
<hr />
|
||||||
|
<div class="admonition note">
|
||||||
|
<p class="admonition-title">Guidelines</p>
|
||||||
|
<p>This page is intended to be reviewed during a post-mortem meeting that should be scheduled within 5 business days of any event.
|
||||||
|
Your first step should be to schedule the post-mortem meeting in the shared calendar for within 5 business days after the incident.
|
||||||
|
Don't wait until you've filled in the info to schedule the meeting, however make sure the page is completed by the meeting.</p>
|
||||||
|
</div>
|
||||||
|
<p><strong> Post-Mortem Owner:</strong> <em>Your name goes here.</em></p>
|
||||||
|
<p><strong> Meeting Scheduled For:</strong> <em>Schedule the meeting on the "Incident Post-Mortem Meetings" shared calendar, for within 5 business days after the incident. Put the date/time here.</em></p>
|
||||||
|
<p><strong> Call Recording:</strong> <em>Link to the incident call recording / slack transcript or DoIT card.</em></p>
|
||||||
|
<h2 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link">#</a></h2>
|
||||||
|
<p><em>Include a <strong>short</strong> sentence or two summarizing the root cause, timeline summary, and the impact. E.g. "On the morning of August 99th, we suffered a 1 minute IN-3 due to a runaway process on our primary database machine. This slowness caused roughly 0.024% of alerts that had begun during this time to be delivered out of SLA."</em></p>
|
||||||
|
<h2 id="what-happened">What Happened<a class="headerlink" href="#what-happened" title="Permanent link">#</a></h2>
|
||||||
|
<p><em>Include a short description of what happened.</em></p>
|
||||||
|
<h2 id="root-cause">Root Cause<a class="headerlink" href="#root-cause" title="Permanent link">#</a></h2>
|
||||||
|
<p><em>Include a description of the root cause. If there were any actions taken that exacerbated the issue, also include them here with the intention of learning from any mistakes made during the resolution process.</em></p>
|
||||||
|
<h2 id="resolution">Resolution<a class="headerlink" href="#resolution" title="Permanent link">#</a></h2>
|
||||||
|
<p><em>Include a description what solved the problem. If there was a temporary fix in place, describe that along with the long-term solution.</em></p>
|
||||||
|
<h2 id="impact">Impact<a class="headerlink" href="#impact" title="Permanent link">#</a></h2>
|
||||||
|
<p><em>Be very specific here, include exact numbers.</em></p>
|
||||||
|
<table>
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>Time in SR-3</th>
|
||||||
|
<th>?mins</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>Notifications Delivered out of SLA</td>
|
||||||
|
<td>??% (?? of ??)</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Events Dropped / Not Accepted</td>
|
||||||
|
<td>??% (?? of ??) <em>Should usually be 0, but always check</em></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Accounts Affected</td>
|
||||||
|
<td>??</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Users Affected</td>
|
||||||
|
<td>??</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Support Requests Raised</td>
|
||||||
|
<td>?? <em>Include any relevant links to tickets</em></td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<h2 id="responders">Responders<a class="headerlink" href="#responders" title="Permanent link">#</a></h2>
|
||||||
|
<ul>
|
||||||
|
<li><em>Who was the TL?</em></li>
|
||||||
|
<li><em>Who was the scribe?</em></li>
|
||||||
|
<li><em>Who else was involved?</em></li>
|
||||||
|
<li><em>Who else was involved?</em></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="timeline">Timeline<a class="headerlink" href="#timeline" title="Permanent link">#</a></h2>
|
||||||
|
<p><em>Some important times to include: (1) time the root cause began, (2) time of the page, (3) time that the status page was updated (i.e. when the incident became public), (4) time of any significant actions, (5) time the IN-3 ended, (6) links to tools/logs that show how the timestamp was arrived at.</em></p>
|
||||||
|
<table>
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>Time (UTC)</th>
|
||||||
|
<th>Event</th>
|
||||||
|
<th>Data Link</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody></tbody>
|
||||||
|
</table>
|
||||||
|
<h2 id="howd-we-do">How'd We Do?<a class="headerlink" href="#howd-we-do" title="Permanent link">#</a></h2>
|
||||||
|
<h3 id="what-went-well">What Went Well?<a class="headerlink" href="#what-went-well" title="Permanent link">#</a></h3>
|
||||||
|
<ul>
|
||||||
|
<li><em>List anything you did well and want to call out. It's OK to not list anything.</em></li>
|
||||||
|
</ul>
|
||||||
|
<h3 id="what-didnt-go-so-well">What Didn't Go So Well?<a class="headerlink" href="#what-didnt-go-so-well" title="Permanent link">#</a></h3>
|
||||||
|
<ul>
|
||||||
|
<li><em>List anything you think we didn't do very well. The intent is that we should follow up on all points here to improve our processes.</em></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="action-items">Action Items<a class="headerlink" href="#action-items" title="Permanent link">#</a></h2>
|
||||||
|
<p><em>Each action item should be in the form of a DoIT card respectiv GTD next actions principle: "a clear and concise single action to move things forward”. Include action items such as: (1) any fixes required to prevent the root cause in the future, (2) any preparedness tasks that could help mitigate the problem if it came up again, (3) remaining post-mortem steps, such as the internal email, as well as the status-page public post, (4) any improvements to our incident response process.</em></p>
|
||||||
|
<h2 id="messaging">Messaging<a class="headerlink" href="#messaging" title="Permanent link">#</a></h2>
|
||||||
|
<h3 id="internal-email">Internal Email<a class="headerlink" href="#internal-email" title="Permanent link">#</a></h3>
|
||||||
|
<p><em>This is a follow-up for employees. It should be sent out right after the post-mortem meeting is over. It only needs a short paragraph summarizing the incident and a link to this wiki page.</em></p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Briefly summarize what happened and where the post-mortem page (this page) can be found.</p>
|
||||||
|
</blockquote>
|
||||||
|
<h3 id="external-message">External Message<a class="headerlink" href="#external-message" title="Permanent link">#</a></h3>
|
||||||
|
<p><em>This is what will be included on the public facing status website (status.spearhead.systems) regarding this incident. What are we telling customers, including an apology? (The apology should be genuine, not rote.)</em></p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Summary</p>
|
||||||
|
<p>What Happened?</p>
|
||||||
|
<p>What Are We Doing About This?</p>
|
||||||
|
</blockquote>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../post_mortem_process/" title="Post-Mortem Process">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Post-Mortem Process
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../../training/overview/" title="Overview">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Overview
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
414
assets/css/extra.css
Normal file
@ -0,0 +1,414 @@
|
|||||||
|
/* Colfax Font */
|
||||||
|
/*@font-face {
|
||||||
|
font-family: 'Roboto', sans-serif;
|
||||||
|
font-style: normal;
|
||||||
|
font-weight: 400;
|
||||||
|
src: local('Roboto'), url(https://www.pagerduty.com/wp-content/themes/startit-child/fonts/ColfaxWebRegular.woff) format('woff2');
|
||||||
|
}
|
||||||
|
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Roboto', sans-serif;
|
||||||
|
font-style: normal;
|
||||||
|
font-weight: 100;
|
||||||
|
src: local('ColfaxRegular'), url(https://www.pagerduty.com/wp-content/themes/startit-child/fonts/ColfaxWebLight.woff) format('woff2');
|
||||||
|
}*/
|
||||||
|
|
||||||
|
/* Roboto Font */
|
||||||
|
@font-face {
|
||||||
|
font-family: "Roboto Condensed";
|
||||||
|
font-style: normal;
|
||||||
|
font-weight: 400;
|
||||||
|
src: local('Roboto Condensed Regular'), local('RobotoCondensed-Regular'), url("RobotoCondensed-Regular.ttf") format('truetype');
|
||||||
|
}
|
||||||
|
|
||||||
|
@font-face {
|
||||||
|
font-family: "Roboto Condensed";
|
||||||
|
font-style: normal;
|
||||||
|
font-weight: 100;
|
||||||
|
src: local('Roboto Condensed Regular'), local('RobotoCondensed-Regular'), url("RobotoCondensed-Regular.ttf") format('truetype');
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Defaults */
|
||||||
|
body {
|
||||||
|
font-weight: 500;
|
||||||
|
-webkit-font-smoothing: antialiased;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Change the colour theme to better match PagerDuty */
|
||||||
|
|
||||||
|
/* background: pd-green */
|
||||||
|
.repo a {
|
||||||
|
background: #540510;
|
||||||
|
}
|
||||||
|
|
||||||
|
@media only screen and (max-width: 959px) {
|
||||||
|
.palette-primary-green .project {
|
||||||
|
background: #25c151;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* background: pd-navy */
|
||||||
|
.palette-primary-green,
|
||||||
|
.palette-primary-green .footer,
|
||||||
|
.palette-primary-green .header,
|
||||||
|
.palette-primary-green .results .meta,
|
||||||
|
.palette-primary-green .article table th {
|
||||||
|
background: #1f293a;
|
||||||
|
}
|
||||||
|
|
||||||
|
.palette-primary-green .article table th {
|
||||||
|
background: #555;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* font: pd-green */
|
||||||
|
.palette-primary-green .article h1,
|
||||||
|
.palette-primary-green .article h2,
|
||||||
|
.palette-primary-green .drawer .toc a.current,
|
||||||
|
.palette-primary-green .drawer .toc a:focus,
|
||||||
|
.palette-primary-green .drawer .toc a:hover,
|
||||||
|
.palette-primary-green .article a:hover {
|
||||||
|
color: #8c0c1d;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* font: pd-navy */
|
||||||
|
.palette-primary-green .article a,
|
||||||
|
.palette-primary-green .article code,
|
||||||
|
.palette-primary-green .article h1,
|
||||||
|
.palette-primary-green .article h2 {
|
||||||
|
color: #540510;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Selected nav section */
|
||||||
|
.palette-primary-green .drawer .anchor a {
|
||||||
|
border-left: 3px solid #540510;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Hide the page title, already in the navbar */
|
||||||
|
.article h1 {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* But show it when printing */
|
||||||
|
@media print {
|
||||||
|
.article h1 {
|
||||||
|
display: block;
|
||||||
|
padding-top: 0em;
|
||||||
|
padding-bottom: 0.1em;
|
||||||
|
margin-top: 0em;
|
||||||
|
margin-bottom: 0em;
|
||||||
|
border-bottom: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Also add a heading when printing */
|
||||||
|
.article h1:before {
|
||||||
|
background: url(/assets/img/logo.png) 0em -0.07em no-repeat;
|
||||||
|
background-size: 7em;
|
||||||
|
display: block;
|
||||||
|
height: 2em;
|
||||||
|
width: 100%;
|
||||||
|
padding-left: 7.2em;
|
||||||
|
content: 'Incident Response';
|
||||||
|
border-bottom: 1px solid #ddd;
|
||||||
|
margin-bottom: 0.6em;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Want the font to be bigger for articles, easier reading. */
|
||||||
|
.article {
|
||||||
|
font-size: 1.45em;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Too much whitespace at the top, not enough at bottom */
|
||||||
|
.article .wrapper {
|
||||||
|
padding: 56px 16px 132px !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
@media only screen and (min-width: 720px) {
|
||||||
|
.article .wrapper {
|
||||||
|
padding: 70px 24px 126px !important;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get rid of the whitespace when printing, let people set own margins. */
|
||||||
|
@media print {
|
||||||
|
.article .wrapper {
|
||||||
|
padding: 0em !important;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ul, ol {
|
||||||
|
padding-left: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Expanding border menu */
|
||||||
|
.drawer .toc li a {
|
||||||
|
overflow: hidden;
|
||||||
|
position: relative;
|
||||||
|
}
|
||||||
|
|
||||||
|
.drawer .toc li a:before {
|
||||||
|
display: block;
|
||||||
|
content: '';
|
||||||
|
position: absolute;
|
||||||
|
height: 2em;
|
||||||
|
left: 0px;
|
||||||
|
top: 0.5em;
|
||||||
|
border-left: 5px solid #540510;
|
||||||
|
transform: scaleY(0);
|
||||||
|
transition: transform 250ms ease-in-out;
|
||||||
|
}
|
||||||
|
|
||||||
|
.drawer .toc li a:hover:before {
|
||||||
|
transform: scaleY(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Don't do it on active menu items */
|
||||||
|
.drawer .toc a.current:hover:before,
|
||||||
|
.drawer .toc li.anchor a:hover:before {
|
||||||
|
transform: scaleY(0);
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Don't overflow horizontally on nav */
|
||||||
|
.drawer .toc ul li a {
|
||||||
|
white-space: nowrap;
|
||||||
|
text-overflow: ellipsis;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Change the title bar to include the PD logo */
|
||||||
|
nav div.mainlogo {
|
||||||
|
width: 15em;
|
||||||
|
display: table-cell;
|
||||||
|
}
|
||||||
|
|
||||||
|
nav div.mainlogo a {
|
||||||
|
min-height: 3.5em;
|
||||||
|
margin-bottom: -1.25em;
|
||||||
|
width: 14.5em;
|
||||||
|
|
||||||
|
background: url(/assets/img/logo.png) 0em 0.1em no-repeat;
|
||||||
|
background-size: contain;
|
||||||
|
}
|
||||||
|
|
||||||
|
nav div.mainlogo img {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Admonition */
|
||||||
|
.admonition {
|
||||||
|
background: #990115;
|
||||||
|
}
|
||||||
|
.admonition.info {
|
||||||
|
background: #f5a623;
|
||||||
|
}
|
||||||
|
|
||||||
|
@media print {
|
||||||
|
.admonition {
|
||||||
|
padding: 1em 2em !important;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Typography */
|
||||||
|
h4 {
|
||||||
|
font-weight: bold;
|
||||||
|
text-decoration: underline;
|
||||||
|
}
|
||||||
|
|
||||||
|
.project .logo+.name {
|
||||||
|
font-size: 13px;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.bad {
|
||||||
|
color: #f00;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.good {
|
||||||
|
color: #008800;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.code,
|
||||||
|
code {
|
||||||
|
font-family: monospace;
|
||||||
|
color: #00f !important;
|
||||||
|
border-radius: 2px;
|
||||||
|
padding: 0.1em;
|
||||||
|
border: 1px solid #eee;
|
||||||
|
background: #f4f4f4;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Icons */
|
||||||
|
.button .icon:hover {
|
||||||
|
transition: color 250ms ease-in-out;
|
||||||
|
color: #990115;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Images */
|
||||||
|
.article .wrapper {
|
||||||
|
overflow: hidden;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Center all images */
|
||||||
|
.article img {
|
||||||
|
display: block;
|
||||||
|
margin: 0 auto;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Header images */
|
||||||
|
.article h1 + p + p img {
|
||||||
|
max-width: 110%;
|
||||||
|
margin-left: -2em;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Image Captions */
|
||||||
|
img + em {
|
||||||
|
position: relative;
|
||||||
|
font-size: 0.8em;
|
||||||
|
margin-right: -2.3em;
|
||||||
|
padding: 0em 1em;
|
||||||
|
float: right;
|
||||||
|
margin-top: -2.1em;
|
||||||
|
color: #000;
|
||||||
|
border-top-left-radius: 3px;
|
||||||
|
background: rgba(255, 255, 255, 0.7);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Fixes for smaller screen sizes */
|
||||||
|
@media only screen and (max-width: 720px) {
|
||||||
|
.article h1 + p + p img {
|
||||||
|
max-width: 120%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.article h1 + p + p img + em {
|
||||||
|
margin-right: -1.4em;
|
||||||
|
margin-top: -2em;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Hack to hide the header images when printing. */
|
||||||
|
@media print {
|
||||||
|
.article h1 + p + p img {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.article h1 + p + p img + em {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Quotes */
|
||||||
|
.article blockquote {
|
||||||
|
border-left: 3px solid #555;
|
||||||
|
background: #f9f9f9;
|
||||||
|
padding: 1em;
|
||||||
|
padding-left: 16px;
|
||||||
|
margin-top: 1em;
|
||||||
|
color: #333;
|
||||||
|
font-style: italic;
|
||||||
|
}
|
||||||
|
|
||||||
|
.article blockquote p {
|
||||||
|
margin: 0em;
|
||||||
|
padding: 0.5em 0em;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Horizontal Rules */
|
||||||
|
.article hr {
|
||||||
|
margin-top: 2em;
|
||||||
|
border-top: 2px solid #f4f4f4;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Don't care about copyright notice for this project, Apache License. */
|
||||||
|
aside.copyright {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Custom tables */
|
||||||
|
table.custom-table td ul {
|
||||||
|
margin-top: -0.8em;
|
||||||
|
padding-top: 0px;
|
||||||
|
padding-left: 0px;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.custom-table td.warning {
|
||||||
|
font-weight: bold;
|
||||||
|
text-align: center;
|
||||||
|
color: #f00;
|
||||||
|
background: #f4f4f4;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.custom-table td.sev-1 {
|
||||||
|
background: #ffe7e7;
|
||||||
|
color: #f00;
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.custom-table td.sev-2 {
|
||||||
|
background: #ffd;
|
||||||
|
color: rgb(255,153,0);
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.custom-table td.sev-3 {
|
||||||
|
background: #e0f0ff;
|
||||||
|
color: rgb(51,102,255);
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.custom-table td.sev-4 {
|
||||||
|
background: #f0f0f0;
|
||||||
|
color: rgb(128,128,128);
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.custom-table td.sev-5 {
|
||||||
|
background: #ddfade;
|
||||||
|
color: rgb(0,128,0);
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.custom-table td.centered {
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Embeds */
|
||||||
|
iframe {
|
||||||
|
display: block;
|
||||||
|
margin: 0 auto;
|
||||||
|
margin-top: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Contact summary table */
|
||||||
|
#contact-summary {
|
||||||
|
margin-bottom: -2em;
|
||||||
|
background: #fff;
|
||||||
|
color: #000;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Super horrible hack to get the training PDF images correct */
|
||||||
|
#national-incident-management-system-nims ~ p img {
|
||||||
|
display: inline;
|
||||||
|
}
|
||||||
|
#national-incident-management-system-nims ~ p:nth-of-type(6) {
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* 404 Page */
|
||||||
|
#error {
|
||||||
|
text-align: center;
|
||||||
|
padding: 0em 5em;
|
||||||
|
}
|
||||||
|
|
||||||
|
#error h1 {
|
||||||
|
display: block;
|
||||||
|
font-size: 2.5em;
|
||||||
|
padding-bottom: 1em;
|
||||||
|
margin-bottom: 1em;
|
||||||
|
margin-top: 1em;
|
||||||
|
border-bottom: 1px solid #eee;
|
||||||
|
}
|
||||||
|
|
||||||
|
#error p {
|
||||||
|
font-style: italic;
|
||||||
|
color: #555;
|
||||||
|
}
|
BIN
assets/fonts/icon.eot
Executable file
22
assets/fonts/icon.svg
Executable file
@ -0,0 +1,22 @@
|
|||||||
|
<?xml version="1.0" standalone="no"?>
|
||||||
|
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg">
|
||||||
|
<metadata>Generated by IcoMoon</metadata>
|
||||||
|
<defs>
|
||||||
|
<font id="icon" horiz-adv-x="1024">
|
||||||
|
<font-face units-per-em="1024" ascent="960" descent="-64" />
|
||||||
|
<missing-glyph horiz-adv-x="1024" />
|
||||||
|
<glyph unicode=" " horiz-adv-x="512" d="" />
|
||||||
|
<glyph unicode="" glyph-name="search" d="M661.333 341.334h-33.92l-11.733 11.733c41.813 48.427 66.987 111.36 66.987 180.267 0 153.173-124.16 277.333-277.333 277.333s-277.333-124.16-277.333-277.333 124.16-277.333 277.333-277.333c68.907 0 131.84 25.173 180.267 66.773l11.733-11.733v-33.707l213.333-212.907 63.573 63.573-212.907 213.333zM405.333 341.334c-106.027 0-192 85.973-192 192s85.973 192 192 192 192-85.973 192-192-85.973-192-192-192z" />
|
||||||
|
<glyph unicode="" glyph-name="arrow-back" d="M853.333 469.334h-519.253l238.293 238.293-60.373 60.373-341.333-341.333 341.333-341.333 60.373 60.373-238.293 238.293h519.253v85.333z" />
|
||||||
|
<glyph unicode="" glyph-name="chevron-right" d="M426.667 682.667l-60.373-60.373 195.627-195.627-195.627-195.627 60.373-60.373 256 256z" />
|
||||||
|
<glyph unicode="" glyph-name="close" d="M810.667 664.96l-60.373 60.373-238.293-238.293-238.293 238.293-60.373-60.373 238.293-238.293-238.293-238.293 60.373-60.373 238.293 238.293 238.293-238.293 60.373 60.373-238.293 238.293z" />
|
||||||
|
<glyph unicode="" glyph-name="menu" d="M128 170.667h768v85.333h-768v-85.333zM128 384h768v85.333h-768v-85.333zM128 682.667v-85.333h768v85.333h-768z" />
|
||||||
|
<glyph unicode="" glyph-name="arrow-forward" d="M512 768l-60.373-60.373 238.293-238.293h-519.253v-85.333h519.253l-238.293-238.293 60.373-60.373 341.333 341.333z" />
|
||||||
|
<glyph unicode="" glyph-name="twitter" d="M1024 744.249c-37.676-16.708-78.164-28.002-120.66-33.080 43.372 26 76.686 67.17 92.372 116.23-40.596-24.078-85.556-41.56-133.41-50.98-38.32 40.83-92.922 66.34-153.346 66.34-116.022 0-210.088-94.058-210.088-210.078 0-16.466 1.858-32.5 5.44-47.878-174.6 8.764-329.402 92.4-433.018 219.506-18.084-31.028-28.446-67.116-28.446-105.618 0-72.888 37.088-137.192 93.46-174.866-34.438 1.092-66.832 10.542-95.154 26.278-0.020-0.876-0.020-1.756-0.020-2.642 0-101.788 72.418-186.696 168.522-206-17.626-4.8-36.188-7.372-55.348-7.372-13.538 0-26.698 1.32-39.528 3.772 26.736-83.46 104.32-144.206 196.252-145.896-71.9-56.35-162.486-89.934-260.916-89.934-16.958 0-33.68 0.994-50.116 2.94 92.972-59.61 203.402-94.394 322.042-94.394 386.422 0 597.736 320.124 597.736 597.744 0 9.108-0.206 18.168-0.61 27.18 41.056 29.62 76.672 66.62 104.836 108.748z" />
|
||||||
|
<glyph unicode="" glyph-name="github" d="M512.008 926.025c-282.738 0-512.008-229.218-512.008-511.998 0-226.214 146.704-418.132 350.136-485.836 25.586-4.738 34.992 11.11 34.992 24.632 0 12.204-0.48 52.542-0.696 95.324-142.448-30.976-172.504 60.41-172.504 60.41-23.282 59.176-56.848 74.916-56.848 74.916-46.452 31.778 3.51 31.124 3.51 31.124 51.4-3.61 78.476-52.766 78.476-52.766 45.672-78.27 119.776-55.64 149.004-42.558 4.588 33.086 17.852 55.68 32.506 68.464-113.73 12.942-233.276 56.85-233.276 253.032 0 55.898 20.004 101.574 52.76 137.428-5.316 12.9-22.854 64.972 4.952 135.5 0 0 43.006 13.752 140.84-52.49 40.836 11.348 84.636 17.036 128.154 17.234 43.502-0.198 87.336-5.886 128.256-17.234 97.734 66.244 140.656 52.49 140.656 52.49 27.872-70.528 10.35-122.6 5.036-135.5 32.82-35.856 52.694-81.532 52.694-137.428 0-196.654-119.778-239.95-233.79-252.624 18.364-15.89 34.724-47.046 34.724-94.812 0-68.508-0.596-123.644-0.596-140.508 0-13.628 9.222-29.594 35.172-24.566 203.322 67.776 349.842 259.626 349.842 485.768 0 282.78-229.234 511.998-511.992 511.998z" />
|
||||||
|
<glyph unicode="" glyph-name="download" d="M810.667 554.667h-170.667v256h-256v-256h-170.667l298.667-298.667 298.667 298.667zM213.333 170.667v-85.333h597.333v85.333h-597.333z" />
|
||||||
|
<glyph unicode="" glyph-name="star" d="M512 201.814l263.68-159.147-69.973 299.947 232.96 201.813-306.773 26.027-119.893 282.88-119.893-282.88-306.773-26.027 232.96-201.813-69.973-299.947z" />
|
||||||
|
<glyph unicode="" glyph-name="warning" d="M554 340.667v172h-84v-172h84zM554 170.667v86h-84v-86h84zM42 42.667l470 810 470-810h-940z" />
|
||||||
|
<glyph unicode="" glyph-name="hint" d="M614 682.667h240v-426h-300l-16 84h-240v-298h-84v726h384z" />
|
||||||
|
</font></defs></svg>
|
After Width: | Height: | Size: 4.3 KiB |
BIN
assets/fonts/icon.ttf
Executable file
BIN
assets/fonts/icon.woff
Executable file
BIN
assets/images/favicon-e565ddfa3b.ico
Normal file
After Width: | Height: | Size: 1.1 KiB |
BIN
assets/images/favicon.ico
Normal file
After Width: | Height: | Size: 1.1 KiB |
BIN
assets/img/cover.png
Normal file
After Width: | Height: | Size: 42 KiB |
BIN
assets/img/headers/gene_kranz.jpg
Normal file
After Width: | Height: | Size: 455 KiB |
BIN
assets/img/headers/incident_command_support.jpg
Normal file
After Width: | Height: | Size: 640 KiB |
BIN
assets/img/headers/incident_response.jpg
Normal file
After Width: | Height: | Size: 891 KiB |
BIN
assets/img/headers/obama_phone.jpg
Normal file
After Width: | Height: | Size: 149 KiB |
BIN
assets/img/headers/pagerduty_ir.jpg
Normal file
After Width: | Height: | Size: 243 KiB |
BIN
assets/img/headers/pagerduty_post_mortem.jpg
Normal file
After Width: | Height: | Size: 252 KiB |
BIN
assets/img/headers/sph_ir.jpg
Normal file
After Width: | Height: | Size: 174 KiB |
BIN
assets/img/headers/typewriter.jpg
Normal file
After Width: | Height: | Size: 160 KiB |
BIN
assets/img/icon.png
Normal file
After Width: | Height: | Size: 61 KiB |
BIN
assets/img/logo.png
Normal file
After Width: | Height: | Size: 7.9 KiB |
BIN
assets/img/misc/ack.png
Normal file
After Width: | Height: | Size: 158 KiB |
BIN
assets/img/misc/ack_bak.png
Normal file
After Width: | Height: | Size: 11 KiB |
BIN
assets/img/misc/alert_fatigue.png
Normal file
After Width: | Height: | Size: 221 KiB |
BIN
assets/img/misc/communicate.png
Normal file
After Width: | Height: | Size: 12 KiB |
BIN
assets/img/misc/escalation.png
Normal file
After Width: | Height: | Size: 26 KiB |
BIN
assets/img/misc/incident_response_roles.png
Normal file
After Width: | Height: | Size: 40 KiB |
BIN
assets/img/misc/incident_roles.png
Normal file
After Width: | Height: | Size: 22 KiB |
BIN
assets/img/misc/mobile_alerts.png
Normal file
After Width: | Height: | Size: 7.3 KiB |
BIN
assets/img/misc/oncall_burnout.png
Normal file
After Width: | Height: | Size: 8.6 KiB |
BIN
assets/img/misc/schedule.png
Normal file
After Width: | Height: | Size: 22 KiB |
BIN
assets/img/misc/triage.png
Normal file
After Width: | Height: | Size: 4.8 KiB |
BIN
assets/img/screenshots/high_business_hours.png
Normal file
After Width: | Height: | Size: 46 KiB |
BIN
assets/img/screenshots/high_urgency.png
Normal file
After Width: | Height: | Size: 15 KiB |
BIN
assets/img/screenshots/low_urgency.png
Normal file
After Width: | Height: | Size: 14 KiB |
BIN
assets/img/screenshots/prio-high.png
Normal file
After Width: | Height: | Size: 14 KiB |
BIN
assets/img/screenshots/prio-low.png
Normal file
After Width: | Height: | Size: 7.9 KiB |
BIN
assets/img/screenshots/prio-norm.png
Normal file
After Width: | Height: | Size: 15 KiB |
BIN
assets/img/screenshots/suppressed.png
Normal file
After Width: | Height: | Size: 14 KiB |
BIN
assets/img/thumbnails/nims_core.png
Normal file
After Width: | Height: | Size: 67 KiB |
BIN
assets/img/thumbnails/nims_training.png
Normal file
After Width: | Height: | Size: 68 KiB |
1
assets/javascripts/application-997097ee0c.js
Normal file
1
assets/javascripts/application.js
Normal file
1
assets/javascripts/modernizr-4ab42b99fd.js
Normal file
1
assets/javascripts/modernizr.js
Normal file
1
assets/stylesheets/application-a422ff04cc.css
Normal file
1
assets/stylesheets/application.css
Normal file
1
assets/stylesheets/palettes-05ab2406df.css
Normal file
1
assets/stylesheets/palettes.css
Normal file
593
before/call_etiquette/index.html
Normal file
@ -0,0 +1,593 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Call Etiquette - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/before/call_etiquette/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/before/call_etiquette/" />
|
||||||
|
<meta property="og:title" content="Call Etiquette - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Call Etiquette - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
Before an Incident <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Call Etiquette
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Call Etiquette" href="./">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="First Steps" href="#first-steps">
|
||||||
|
First Steps
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Lingo" href="#lingo">
|
||||||
|
Lingo
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="The Team Leader" href="#the-team-leader">
|
||||||
|
The Team Leader
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Problems?" href="#problems">
|
||||||
|
Problems?
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../../training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../../training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../../training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../../training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../../training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../../training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Call Etiquette</h1>
|
||||||
|
|
||||||
|
<p>You've just joined Spearhead Systems support staff and you've never worked in a service delivery function before. You have no idea what an incident or a service request is. You have no idea what's going on, or what you're supposed to be doing. This page will help you through your first time and will provide a reference for future issues you may be a part of.</p>
|
||||||
|
<p><img alt="Obama phone" src="../../assets/img/headers/obama_phone.jpg" />
|
||||||
|
<em>Credit: <a href="https://commons.wikimedia.org/wiki/File:Barack_Obama_on_phone_with_Benjamin_Netanyahu_2009-06-08.jpg">Official White House Photo</a> by Pete Souza</em></p>
|
||||||
|
<h2 id="first-steps">First Steps<a class="headerlink" href="#first-steps" title="Permanent link">#</a></h2>
|
||||||
|
<ul>
|
||||||
|
<li>If you intend on participating on the incident call you should join both the call, review the associated cards in DoIT, and jump on the corresponding Slack channel.</li>
|
||||||
|
<li>Make sure you are in a quiet environment in order to participate on the call. Background noise should be kept to a minimum.</li>
|
||||||
|
<li>Keep your microphone muted until you have something to say.</li>
|
||||||
|
<li>Identify yourself when you join the call; State your name and the system you are the expert for.</li>
|
||||||
|
<li>Speak up and speak clearly.</li>
|
||||||
|
<li>Be direct and factual.</li>
|
||||||
|
<li>Keep conversations/discussions short and to the point.</li>
|
||||||
|
<li>Bring any concerns to the Team Leader (IC) on the call.</li>
|
||||||
|
<li>Respect time constraints given by the Team Leader.</li>
|
||||||
|
</ul>
|
||||||
|
<div class="admonition warning">
|
||||||
|
<p class="admonition-title">Incident Call</p>
|
||||||
|
<p>Not all issues start with an incident call. Some issues may be completely automated and available only in DoIT while others may be in the incipient stages and the customer may still be on the phone/Slack detailing their issue.</p>
|
||||||
|
</div>
|
||||||
|
<h2 id="lingo">Lingo<a class="headerlink" href="#lingo" title="Permanent link">#</a></h2>
|
||||||
|
<p><strong>Use clear terminology, and avoid using acronyms or abbreviations during a call. Clear and accurate communication is more important than quick communication.</strong></p>
|
||||||
|
<p><img alt="Communication" src="../../assets/img/misc/communicate.png" /></p>
|
||||||
|
<p>Standard radio <a href="https://en.wikipedia.org/wiki/Voice_procedure#Words_in_voice_procedure">voice procedure</a> does not need to be followed on calls. However, you should familiarize yourself with the terms, as you may hear them on a call (or need to use them yourself). The ones in more active use on major incident calls are,</p>
|
||||||
|
<ul>
|
||||||
|
<li><strong>Ack/Rog</strong> - "I have received and understood"</li>
|
||||||
|
<li><strong>Say Again</strong> - "Repeat your last message"</li>
|
||||||
|
<li><strong>Standby</strong> - "Please wait a moment for the next response"</li>
|
||||||
|
<li><strong>Wilco</strong> - "Will comply"</li>
|
||||||
|
</ul>
|
||||||
|
<p>Do not invent new abbreviations, and always favor being explicit of implicit. It is better to make things clearer than to try and save time by abbreviating, only to have a misunderstanding because others didn't know the abbreviation.</p>
|
||||||
|
<h2 id="the-team-leader">The Team Leader<a class="headerlink" href="#the-team-leader" title="Permanent link">#</a></h2>
|
||||||
|
<p>The Team Leader (TL) is the leader of the incident response process, and is responsible for bringing the incident to resolution. They will announce themselves at the start of the call, and will generally be doing most of the talking.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Follow all instructions from the team leader, without exception.</li>
|
||||||
|
<li>Do not perform any actions unless the team leader has told you to do so.</li>
|
||||||
|
<li>The team leader will typically poll for any strong objections before performing a large action. This is your time to raise any objections if you have them.</li>
|
||||||
|
<li>Once the team leader has made a decision, that decision is final and should be followed, even if you disagreed during the poll.</li>
|
||||||
|
<li>Answer any questions the team leader asks you in a clear and concise way.<ul>
|
||||||
|
<li>Answering that you "don't know" something is perfectly acceptable. Do not try to guess.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>The team leader may ask you to investigate something and get back to them in X minutes. Make sure you are ready with an answer within that time.<ul>
|
||||||
|
<li>Answering that you need more time is perfectly acceptable, but you need to give the team leader an estimate of how much time.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="problems">Problems?<a class="headerlink" href="#problems" title="Permanent link">#</a></h2>
|
||||||
|
<h4 id="theres-no-team-leader-on-the-call-i-dont-know-what-to-do">There's no team leader on the call! I don't know what to do!<a class="headerlink" href="#theres-no-team-leader-on-the-call-i-dont-know-what-to-do" title="Permanent link">#</a></h4>
|
||||||
|
<p>Ask on the call if an TL is present. If you have no response, try asking in Slack. If there is no TL the sysadmin can take over this role temporarily.</p>
|
||||||
|
<h4 id="there-is-not-enough-information">There is not enough information!<a class="headerlink" href="#there-is-not-enough-information" title="Permanent link">#</a></h4>
|
||||||
|
<p>The definitive source of information for all issues is in DoIT. If at any point there is a discrepancy ask the TL or Sysadmins to provide up to date information and update the card/tasks accordingly. At a minimum information should be available in Slack.</p>
|
||||||
|
<h4 id="i-can-join-the-call-or-slack-but-not-both-what-should-i-do">I can join the call or Slack, but not both, what should I do?<a class="headerlink" href="#i-can-join-the-call-or-slack-but-not-both-what-should-i-do" title="Permanent link">#</a></h4>
|
||||||
|
<p>You're welcome to join only one of the channels, however you should not actively participate in the incident response if so, as it causes disjoined communication. Liaise with someone who is both in Slack and on the call to provide any input you may have so that they can raise it.</p>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../different_roles/" title="Different Roles">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Different Roles
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../../during/during_an_incident/" title="During An Incident">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
During An Incident
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
664
before/different_roles/index.html
Normal file
@ -0,0 +1,664 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Different Roles - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/before/different_roles/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/before/different_roles/" />
|
||||||
|
<meta property="og:title" content="Different Roles - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Different Roles - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
Before an Incident <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Different Roles
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Different Roles" href="./">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Team Leader (TL)" href="#team-leader-tl">
|
||||||
|
Team Leader (TL)
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Sysadmin" href="#sysadmin">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Scribe" href="#scribe">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Subject Matter Expert" href="#subject-matter-expert">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Customer Liaison" href="#customer-liaison">
|
||||||
|
Customer Liaison
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../../training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../../training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../../training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../../training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../../training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../../training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Different Roles</h1>
|
||||||
|
|
||||||
|
<p>Our support services are deliviered via a flat organizational structure. The same people that deliver projects are also there to deliver ongoing support/maintenance services.
|
||||||
|
There are several roles in our support team at Spearhead Systems. Certain roles only have one person per incident (e.g. sysadmin), whereas other roles can have multiple people (e.g. Sysadmins, Solution Architects, etc.). It's all about coming together as a team, working the problem, and getting a solution quickly.</p>
|
||||||
|
<p>Here is a rough outline of our role hierarchy, with each role discussed in more detail on the rest of this page.</p>
|
||||||
|
<p><img alt="Incident Response Structure" src="../../assets/img/misc/incident_roles.png" /></p>
|
||||||
|
<hr />
|
||||||
|
<h2 id="team-leader-tl">Team Leader (TL)<a class="headerlink" href="#team-leader-tl" title="Permanent link">#</a></h2>
|
||||||
|
<h3 id="what-is-it">What is it?<a class="headerlink" href="#what-is-it" title="Permanent link">#</a></h3>
|
||||||
|
<p>A Team Leader acts as the single source of truth of what is currently happening and what is going to happen during an major incident. They come in all shapes, sizes, and colors. TL's are also the key elements in a project (boards in DoIT).</p>
|
||||||
|
<h3 id="why-have-one">Why have one?<a class="headerlink" href="#why-have-one" title="Permanent link">#</a></h3>
|
||||||
|
<p>As any system grows in size and complexity, things break and cause incidents. The TL is needed to help drive major incidents to resolution by organizing his team towards a common goal. A TL's skillset includes project and resource management skills which are essential in driving both projects and incidents to a smooth resolution.</p>
|
||||||
|
<h3 id="what-are-the-responsibilities">What are the responsibilities?<a class="headerlink" href="#what-are-the-responsibilities" title="Permanent link">#</a></h3>
|
||||||
|
<ol>
|
||||||
|
<li>Help prepare for projects and incidents,<ul>
|
||||||
|
<li>Setup communications channels.</li>
|
||||||
|
<li>Create the DoIT board(s) and other project planning related materials.</li>
|
||||||
|
<li>Funnel people to these communications channels.</li>
|
||||||
|
<li>Train team members on how to communicate and train other TL's.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Drive incidents and projects to resolution,<ul>
|
||||||
|
<li>Get everyone on the same communication channel.</li>
|
||||||
|
<li>Collect information from team members for their services/area of ownership status.</li>
|
||||||
|
<li>Collect proposed repair actions, then recommend repair actions to be taken.</li>
|
||||||
|
<li>Delegate all repair actions, the TL is NOT a resolver.</li>
|
||||||
|
<li>Be the single authority on system status</li>
|
||||||
|
<li>Communicate directly with the customers and end-users<ul>
|
||||||
|
<li>not the engineers themselves!</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Post Mortem,<ul>
|
||||||
|
<li>Creating the initial template right after the incident so people can put in their thoughts while fresh.</li>
|
||||||
|
<li>Assigning the post-mortem after the event is over, this can be done after the call.</li>
|
||||||
|
<li>Work with Managers/Support on scheduling preventive actions.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h3 id="who-are-they">Who are they?<a class="headerlink" href="#who-are-they" title="Permanent link">#</a></h3>
|
||||||
|
<p>Anyone on the TL on-call schedule. Trainees are typically on the TL Shadow schedule.</p>
|
||||||
|
<h3 id="how-can-i-become-one">How can I become one?<a class="headerlink" href="#how-can-i-become-one" title="Permanent link">#</a></h3>
|
||||||
|
<p>Take a look at our <a href="/training/incident_commander.md">Team Leader training guide</a>.</p>
|
||||||
|
<hr />
|
||||||
|
<h2 id="sysadmin">Sysadmin<a class="headerlink" href="#sysadmin" title="Permanent link">#</a></h2>
|
||||||
|
<h3 id="what-is-it_1">What is it?<a class="headerlink" href="#what-is-it_1" title="Permanent link">#</a></h3>
|
||||||
|
<p>A Sysadmin is a direct support role for the Team Leader. This is not a shadow where the person just observes, the Sysadmin is expected to perform important tasks during an incident.</p>
|
||||||
|
<h3 id="why-have-one_1">Why have one?<a class="headerlink" href="#why-have-one_1" title="Permanent link">#</a></h3>
|
||||||
|
<p>It's important for the TL to focus on the problem at hand, rather than worrying about documenting the steps or monitoring timers. The Sysadmin helps to support the TL and keep them stay focussed on the incident.</p>
|
||||||
|
<h3 id="what-are-the-responsibilities_1">What are the responsibilities?<a class="headerlink" href="#what-are-the-responsibilities_1" title="Permanent link">#</a></h3>
|
||||||
|
<p>The Sysadmin is expected to:</p>
|
||||||
|
<ol>
|
||||||
|
<li>Bring up issues to the TL that may otherwise not be addressed (keeping an eye on timers that have been started, circling back around to missed items from a roll call, etc).</li>
|
||||||
|
<li>Be a "hot standby" TL, should the primary need to either transition to a SME, or otherwise have to step away from the TL role.</li>
|
||||||
|
<li>Page SME's or other on-call engineers as instructed by the Team Leader.</li>
|
||||||
|
<li>Manage the incident call, and be prepared to remove people from the call if instructed by the Team Leader.</li>
|
||||||
|
<li>Liaise with stakeholders and provide status updates on DoIT (using worklogs and comments), Slack and email/telefone as necessary.</li>
|
||||||
|
</ol>
|
||||||
|
<h3 id="who-are-they_1">Who are they?<a class="headerlink" href="#who-are-they_1" title="Permanent link">#</a></h3>
|
||||||
|
<p>Any Team Leader can act as a Sysadmin. Sysadmins need to be trained as an Team Leader as they may be required to take over command.</p>
|
||||||
|
<h3 id="how-can-i-become-one_1">How can I become one?<a class="headerlink" href="#how-can-i-become-one_1" title="Permanent link">#</a></h3>
|
||||||
|
<p>Take a look at our <a href="/training/deputy.md">Sysadmin training guide</a>. Sysadmins also need to be <a href="/training/incident_commander.md">trained as an Team Leaders</a>.</p>
|
||||||
|
<hr />
|
||||||
|
<h2 id="scribe">Scribe<a class="headerlink" href="#scribe" title="Permanent link">#</a></h2>
|
||||||
|
<h3 id="what-is-it_2">What is it?<a class="headerlink" href="#what-is-it_2" title="Permanent link">#</a></h3>
|
||||||
|
<p>A Scribe documents the timeline of an incident as it progresses, and makes sure all important decisions and data are captured for later review. We will not have a dedicated Scibe in all situations therefore a junior will take on this role. This is an essential role as all Juniors are expectd to grow into other areas and take on more responsibilities as they evolve.</p>
|
||||||
|
<h3 id="why-have-one_2">Why have one?<a class="headerlink" href="#why-have-one_2" title="Permanent link">#</a></h3>
|
||||||
|
<p>The Team Leader will need to focus on the problem at hand, and the sysadmins and subject matter experts will need to focus on resolving the incident. It is important to capture a timeline of events as they happen so that they can be reviewed during the post-mortem to determine how well we performed, and so we can accurate determine any additional impact that we might not have noticed at the time.</p>
|
||||||
|
<h3 id="what-are-the-responsibilities_2">What are the responsibilities?<a class="headerlink" href="#what-are-the-responsibilities_2" title="Permanent link">#</a></h3>
|
||||||
|
<p>The Scribe is expected to:</p>
|
||||||
|
<ol>
|
||||||
|
<li>Ensure the incident call is being recorded.</li>
|
||||||
|
<li>Note in DoIT, Slack, etc. important data, events, and actions, as they happen. Specifically:<ul>
|
||||||
|
<li>Key actions as they are taken (Example: "prod-server-387723 is being restarted to attempt to remove the stuck lock")</li>
|
||||||
|
<li>Status reports when one is provided by the TL (Example: "We are in IN-Major, service A is currently not processing events due to a stuck lock, X is restarting the app stack, next checkin in 3 minutes")</li>
|
||||||
|
<li>Any key callouts either during the call or at the ending review (Example: "Note: (Bob B) We should have a better way to determine stuck locks.")</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h3 id="who-are-they_2">Who are they?<a class="headerlink" href="#who-are-they_2" title="Permanent link">#</a></h3>
|
||||||
|
<p>Anyone can act as a Sribe during an incident, and are chosen by the Team Leader at the start of the call. Typically the Sysadmin will act as the Scribe, but that doesn't necessarily need to happen, and for larger incidents may not be possible.</p>
|
||||||
|
<h3 id="how-can-i-become-one_2">How can I become one?<a class="headerlink" href="#how-can-i-become-one_2" title="Permanent link">#</a></h3>
|
||||||
|
<p>Follow our <a href="../../training/scribe/">Scribe training guide</a>, and then notify the Team Leaders that you would like to be considered for scribing for the next incident.</p>
|
||||||
|
<hr />
|
||||||
|
<h2 id="subject-matter-expert">Subject Matter Expert<a class="headerlink" href="#subject-matter-expert" title="Permanent link">#</a></h2>
|
||||||
|
<h3 id="what-is-it_3">What is it?<a class="headerlink" href="#what-is-it_3" title="Permanent link">#</a></h3>
|
||||||
|
<p>A Subject Matter Expert (SME), sometimes called a "Resolver" or "Architect", is a domain expert or designated owner of a component or service that is part of the Spearhead Systems service delivery concept.</p>
|
||||||
|
<h3 id="why-have-one_3">Why have one?<a class="headerlink" href="#why-have-one_3" title="Permanent link">#</a></h3>
|
||||||
|
<p>The TL and Sysadmins are not all-knowing super beings. When there is a problem with a service or a particular system, an expert in that service is needed to be able to quickly help identify and fix issues.</p>
|
||||||
|
<h3 id="what-are-the-responsibilities_3">What are the responsibilities?<a class="headerlink" href="#what-are-the-responsibilities_3" title="Permanent link">#</a></h3>
|
||||||
|
<ol>
|
||||||
|
<li>Being able to diagnose common problems with the service.</li>
|
||||||
|
<li>Being able to rapidly fix issues found during an incident.</li>
|
||||||
|
<li>Concise communication skills, specifically for CAN reports:<ul>
|
||||||
|
<li>Condition: What is the current state of the service? Is it healthy or not?</li>
|
||||||
|
<li>Actions: What actions need to be taken if the service is not in a healthy state?</li>
|
||||||
|
<li>Needs: What support does the resolver need to perform an action?</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h3 id="who-are-they_3">Who are they?<a class="headerlink" href="#who-are-they_3" title="Permanent link">#</a></h3>
|
||||||
|
<p>Anyone who is considered a "domain expert" can act as a resolver for an incident. Typically the service's primary on-call will act as the SME for that service.</p>
|
||||||
|
<h3 id="how-can-i-become-one_3">How can I become one?<a class="headerlink" href="#how-can-i-become-one_3" title="Permanent link">#</a></h3>
|
||||||
|
<p>Take a look at our <a href="../../training/subject_matter_expert/">Subject Matter Expert training guide</a>. You should also discuss with your team and service owner to determine what the requirements are for your particular service.</p>
|
||||||
|
<hr />
|
||||||
|
<h2 id="customer-liaison">Customer Liaison<a class="headerlink" href="#customer-liaison" title="Permanent link">#</a></h2>
|
||||||
|
<h3 id="what-is-it_4">What is it?<a class="headerlink" href="#what-is-it_4" title="Permanent link">#</a></h3>
|
||||||
|
<p>A person responsible for interacting with customers, either directly, or via our public communication channels. This is typically the TL while in some situations another member of the Support Team or even Management may intervene and relay vital information to the customer.</p>
|
||||||
|
<h3 id="why-have-one_4">Why have one?<a class="headerlink" href="#why-have-one_4" title="Permanent link">#</a></h3>
|
||||||
|
<p>All of the other roles will be actively working on identifying the cause and resolving the issue, we need a role which is focused purely on the customer interaction side of things so that it can be done properly, with the due care and attention it needs.</p>
|
||||||
|
<h3 id="what-are-the-responsibilities_4">What are the responsibilities?<a class="headerlink" href="#what-are-the-responsibilities_4" title="Permanent link">#</a></h3>
|
||||||
|
<ol>
|
||||||
|
<li>Post any publicly facing messages regarding the incident (DoIT, Twitter, etc).</li>
|
||||||
|
<li>Notify the TL of any customers reporting that they are affected by the incident.</li>
|
||||||
|
</ol>
|
||||||
|
<h3 id="who-are-they_4">Who are they?<a class="headerlink" href="#who-are-they_4" title="Permanent link">#</a></h3>
|
||||||
|
<p>Any member of the Support Team or Management (provided user has undergone trainig) can act as a customer liaison.</p>
|
||||||
|
<h3 id="how-can-i-become-one_4">How can I become one?<a class="headerlink" href="#how-can-i-become-one_4" title="Permanent link">#</a></h3>
|
||||||
|
<p>Discuss with the Support Team about becoming our next customer liaison.</p>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../severity_levels/" title="Severity Levels">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Severity Levels
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../call_etiquette/" title="Call Etiquette">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Call Etiquette
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
605
before/severity_levels/index.html
Normal file
@ -0,0 +1,605 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Severity Levels - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/before/severity_levels/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/before/severity_levels/" />
|
||||||
|
<meta property="og:title" content="Severity Levels - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Severity Levels - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
Before an Incident <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Severity Levels
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Severity Levels" href="./">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../../training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../../training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../../training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../../training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../../training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../../training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Severity Levels</h1>
|
||||||
|
|
||||||
|
<p>The first step in any incident response process is to determine what actually constitutes an incident. We have two high level categories for classifying incidents: this is done using "SR" or "IN" defintions with an attached priority of "Minor", "Normal" or "Major". "SR" are "Service requests" initiated by a customer and usually do not constitute a critical issue (there are exceptions) while "IN" are "incidents" which are generally "urgent".</p>
|
||||||
|
<p>All of our operational issues are to be classified as either a Service Request or an Incident. Incidents have priority over Service Requests provided that there are no Service Requests with a higher priority. In general you will want to resolve a higher severity SR or IN than a lower one (a "Major" priority gets a more intensive response than a "Normal" incident for example).</p>
|
||||||
|
<div class="admonition note">
|
||||||
|
<p class="admonition-title">Always Assume The Worst</p>
|
||||||
|
<p>If you are unsure which level an incident is (e.g. not sure if IN is Major or Normal), <strong>treat it as the higher one</strong>. During an incident is not the time to discuss or litigate severities, just assume the highest and review during a post-mortem.</p>
|
||||||
|
</div>
|
||||||
|
<table class="custom-table">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>Severity</th>
|
||||||
|
<th>Description</th>
|
||||||
|
<th>What To Do</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td class="sev-1">Major</td>
|
||||||
|
<td>
|
||||||
|
<ul>
|
||||||
|
<li>The system is in a critical state and is actively impacting a large number of customers.</li>
|
||||||
|
<li>Functionality has been severely impaired for a long time, breaking SLA.</li>
|
||||||
|
<li>Customer-data-exposing security vulnerability has come to our attention.</li>
|
||||||
|
</ul>
|
||||||
|
</td>
|
||||||
|
<td>See <a href="/during/during_an_incident">During an Incident</a>.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="sev-2">Normal</td>
|
||||||
|
<td>
|
||||||
|
<ul>
|
||||||
|
<li>Functionality of virtualization platform is severely impaired.</li>
|
||||||
|
<li>E-mail system is offline.</li>
|
||||||
|
</ul>
|
||||||
|
</td>
|
||||||
|
<td>See <a href="/during/during_an_incident">During an Incident</a>.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="warning" colspan="3">Anything above this line is considered a "Major Incident". These are generally Incidents (IN). Below are service requests (SR) which are usually initiated by a human who can help with prioritizing. A call is triggered for all major incidents (indifferently of SR or IN).</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="sev-2">Normal</td>
|
||||||
|
<td>
|
||||||
|
<ul>
|
||||||
|
<li>Partial loss of functionality, only affecting minority of customers.</li>
|
||||||
|
<li>Something that has the likelihood of becoming Major if nothing is done.</li>
|
||||||
|
<li>No redundancy in a service (failure of 1 more node will cause outage).</li>
|
||||||
|
</ul>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<ul>
|
||||||
|
<li>Work on issue as your top priority.</li>
|
||||||
|
<li>Liaise with engineers of affected systems to identify cause.</li>
|
||||||
|
<li>If related to recent deployment, rollback.</li>
|
||||||
|
<li>Monitor status and notice if/when it escalates.</li>
|
||||||
|
<li>Mention on Slack if you think it has the potential to escalate.</li>
|
||||||
|
</ul>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="sev-2">Normal</td>
|
||||||
|
<td>
|
||||||
|
<ul>
|
||||||
|
<li>Performance issues (delays, etc). Tasks that require non-immediate attention.</li>
|
||||||
|
<li>Job failure (not impacting alerting).</li>
|
||||||
|
</ul>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<ul>
|
||||||
|
<li>Work on the issue as your first priority (above "Low" tasks).</li>
|
||||||
|
<li>Monitor status and notice if/when it escalates.</li>
|
||||||
|
</ul>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="sev-5">Low</td>
|
||||||
|
<td>
|
||||||
|
<ul>
|
||||||
|
<li>Normal issues which aren't impacting system use, cosmetic issues, etc.</li>
|
||||||
|
</ul>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<ul>
|
||||||
|
<li>Create a DoIT card and assign to owner of affected system.</li>
|
||||||
|
</ul>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<div class="admonition note">
|
||||||
|
<p class="admonition-title">Be Specific</p>
|
||||||
|
<p>When creating Cards in Doit, be as specific as possible and include all necessary details. Include relevant details regarding when the issue started, what may have triggered it, etc.. Document your efforts through worklogs and be specific there as well.</p>
|
||||||
|
</div>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../../oncall/alerting_principles/" title="Alerting Principles">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Alerting Principles
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../different_roles/" title="Different Roles">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Different Roles
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
719
during/during_an_incident/index.html
Normal file
@ -0,0 +1,719 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>During An Incident - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/during/during_an_incident/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/during/during_an_incident/" />
|
||||||
|
<meta property="og:title" content="During An Incident - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="During An Incident - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
During an Incident <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
During An Incident
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="During An Incident" href="./">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Don't Panic!" href="#dont-panic">
|
||||||
|
Don't Panic!
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Steps for the Team Leader" href="#steps-for-the-team-leader">
|
||||||
|
Steps for the Team Leader
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Steps for Sysadmin" href="#steps-for-sysadmin">
|
||||||
|
Steps for Sysadmin
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Steps for Scribe" href="#steps-for-scribe">
|
||||||
|
Steps for Scribe
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Steps for Subject Matter Experts" href="#steps-for-subject-matter-experts">
|
||||||
|
Steps for Subject Matter Experts
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Steps for Customer Liaison" href="#steps-for-customer-liaison">
|
||||||
|
Steps for Customer Liaison
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../../training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../../training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../../training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../../training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../../training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../../training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>During An Incident</h1>
|
||||||
|
|
||||||
|
<p>Information on what to do during a major incident. See our <a href="../../before/severity_levels/">severity level descriptions</a> for what constitutes a major incident.</p>
|
||||||
|
<div class="admonition note">
|
||||||
|
<p class="admonition-title">Documentation</p>
|
||||||
|
<p>Always document your activities. Keep a detailed worklog of your actions in DoIT and communicate verbosely on Slack or other channels (email, etc.). </p>
|
||||||
|
<p><table class="custom-table" id="contact-summary">
|
||||||
|
<thead>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td><a href="#">#support</a></td>
|
||||||
|
<td><a href="#">http://response.spearhead.systems</a></td>
|
||||||
|
<td><a href="#">+40728 005 263</a> </td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td colspan="3" class="centered">Need an TL? Do <code>!tl page</code> in Slack</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td colspan="3"><em>For executive summary updates only, join <a href="#">#executive-summary-updates</a>.</em></td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table></p>
|
||||||
|
</div>
|
||||||
|
<div class="admonition info">
|
||||||
|
<p class="admonition-title">Security Incident?</p>
|
||||||
|
<p>If this is a security incident, you should follow the <a href="../security_incident_response/">Security Incident Response</a> process.</p>
|
||||||
|
</div>
|
||||||
|
<h2 id="dont-panic">Don't Panic!<a class="headerlink" href="#dont-panic" title="Permanent link">#</a></h2>
|
||||||
|
<ol>
|
||||||
|
<li>
|
||||||
|
<p>Join the incident call and chat (see links above).</p>
|
||||||
|
<ul>
|
||||||
|
<li>Anyone is free to join the call or chat to observe and follow along with the incident.</li>
|
||||||
|
<li>If you wish to participate however, you should join both. If you can't join the call for some reason, you should have a dedicated proxy for the call. Disjointed discussions in the chat room are ultimately distracting.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Follow along with the call/chat, add any comments you feel are appropriate, but keep the discussion relevant to the problem at hand.</p>
|
||||||
|
<ul>
|
||||||
|
<li>If you are not an SME, try to filter any discussion through the primary SME for your service. Too many people discussing at once get become overwhelming, so we should try to maintain a hierarchical structure to the call if possible.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Follow instructions from the Team Leader.</p>
|
||||||
|
<ul>
|
||||||
|
<li><strong>Is there no TL on the call?</strong><ul>
|
||||||
|
<li>Manually page them via Slack, with <code>!tl page</code> in Slack. This will page the primary and backup TL's at the same time.</li>
|
||||||
|
<li>Never hesitate to page the TL. It's much better to have them and not need them than the other way around.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<div class="admonition info">
|
||||||
|
<p class="admonition-title">Not a call?</p>
|
||||||
|
<p>Not all issues begin with a formal call. Some issues are self-explanatory and automatically generated via our monitoring platforms, a customer logging on to our portal, etc. In these scenarios <a href="http://doit.sphs.ro">DoIT</a> is the definitive source. If that is not sufficient ask your TL.</p>
|
||||||
|
</div>
|
||||||
|
<h2 id="steps-for-the-team-leader">Steps for the Team Leader<a class="headerlink" href="#steps-for-the-team-leader" title="Permanent link">#</a></h2>
|
||||||
|
<p>Resolve the incident as quickly and as safely as possible, use the Sysadmin to assist you. Delegate any tasks to relevant experts at your discretion.</p>
|
||||||
|
<ol>
|
||||||
|
<li>
|
||||||
|
<p>Announce on the call, in DoIT and in Slack that you are the team leader, who you have designated as sysadmin (usually the backup TL), and scribe/juniors if any.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Identify if there is an obvious cause to the incident (recent deployment, spike in traffic, etc.), delegate investigation to relevant experts,</p>
|
||||||
|
<ul>
|
||||||
|
<li>Use the service experts on the call to assist in the analysis. They should be able to quickly provide confirmation of the cause, but not always. It's the call of the TL on how to proceed in cases where the cause is not positively known. Confer with service owners and use their knowledge to help you.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Identify investigation & repair actions (roll back, rate-limit services, etc) and delegate actions to relevant service experts. Typically something like this (obviously not an exhaustive list),</p>
|
||||||
|
<ul>
|
||||||
|
<li><strong>Bad Deployment:</strong> Roll it back.</li>
|
||||||
|
<li><strong>Web Application Stuck/Crashed:</strong> Do a rolling restart.</li>
|
||||||
|
<li><strong>Event Flood:</strong> Validate automatic throttling is sufficient, adjust manually if not.</li>
|
||||||
|
<li><strong>Data Center Outage:</strong> Validate automation has removed bad data center. Force it to do so if not.</li>
|
||||||
|
<li><strong>Degraded Service Behavior without load:</strong> Gather forensic data (heap dumps, etc), and consider doing a rolling restart.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Listen for prompts from your Sysadmin regarding severity escalations, decide whether we need to announce publicly, and instruct customer liaison accordingly.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Announcing publicly is at your discretion as TL. If you are unsure, then announce publicly ("If in doubt, tweet it out").</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Once incident has recovered or is actively recovering, you can announce that the incident is over and that the call is ending. This usually indicates there's no more productive work to be done for the incident right now.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Move the remaining, non-time-critical discussion to Slack.</li>
|
||||||
|
<li>Follow up to ensure the customer liaison wraps up the incident publicly.</li>
|
||||||
|
<li>Identify any post-incident clean-up work.</li>
|
||||||
|
<li>You may need to perform debriefing/analysis of the underlying root cause.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>(After call ends) Create the post-mortem page from the template, and assign an owner to the post-mortem for the incident.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>(After call ends) Send out an internal email explaining that we had a major incident, provide a link to the post-mortem.</p>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h2 id="steps-for-sysadmin">Steps for Sysadmin<a class="headerlink" href="#steps-for-sysadmin" title="Permanent link">#</a></h2>
|
||||||
|
<p>You are there to support the TL in whatever they need.</p>
|
||||||
|
<ol>
|
||||||
|
<li>
|
||||||
|
<p>Monitor the status, and notify the TL if/when the incident escalates in severity level.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Be prepared to page other people as directed by the Team Leader.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Provide regular status updates in Slack (roughly every 30mins) to the executive team, giving an executive summary of the current status. Keep it short and to the point, and use @here.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Perform any remediations, checking graphs, analysis or investigating logs unless otherwse delegated by the TL. </p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Follow instructions from the Team Leader.</p>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h2 id="steps-for-scribe">Steps for Scribe<a class="headerlink" href="#steps-for-scribe" title="Permanent link">#</a></h2>
|
||||||
|
<p>You are there to document the key information from the incident in Slack, DoIT, our WiKi, etc.</p>
|
||||||
|
<ol>
|
||||||
|
<li>
|
||||||
|
<p>Update the apropriate channel with who the TL is, who the Sysadmin is, and that you're the scribe (if not already done).</p>
|
||||||
|
<ul>
|
||||||
|
<li>e.g. "TL: Bob Boberson, Sysadmin: Gigi Con, Scribe: Writer Writerson"</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>You should add notes to the proper channels when significant actions are taken, or findings are determined. You don't need to wait for the TL to direct this - use your own judgment.</p>
|
||||||
|
<ul>
|
||||||
|
<li>You should also add <code>TODO</code> notes to the proper channel that indicate follow-ups slated for later.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Follow instructions from the Team Leader.</p>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h2 id="steps-for-subject-matter-experts">Steps for Subject Matter Experts<a class="headerlink" href="#steps-for-subject-matter-experts" title="Permanent link">#</a></h2>
|
||||||
|
<p>You are there to support the team leader in identifying the cause of the incident, suggesting and evaluation repair actions, and following through on the repair actions.</p>
|
||||||
|
<ol>
|
||||||
|
<li>
|
||||||
|
<p>Investigate the incident by analyzing any graphs or logs at your disposal. Announce all findings to the incident commander.</p>
|
||||||
|
<ul>
|
||||||
|
<li>If you are unsure of the cause, that's fine, state that you are investigating and provide regular updates to the TL.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Announce all suggestions for resolution to the team leader, it is their decision on how to proceed, do not follow any actions unless told to do so!</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Follow instructions from the team leader.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>(Optional) Once the call is over and post-mortem is created, add any notes you think are relevant to the post-mortem page.</p>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h2 id="steps-for-customer-liaison">Steps for Customer Liaison<a class="headerlink" href="#steps-for-customer-liaison" title="Permanent link">#</a></h2>
|
||||||
|
<p>Be on stand-by to post public facing messages regarding the incident.</p>
|
||||||
|
<ol>
|
||||||
|
<li>
|
||||||
|
<p>You will typically be required to update the status page and to send Tweets or other communications from our various accounts at certain times during the call.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Follow instructions from the Team Leader.</p>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../../before/call_etiquette/" title="Call Etiquette">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Call Etiquette
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../security_incident_response/" title="Security Incident">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Security Incident
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
743
during/security_incident_response/index.html
Normal file
@ -0,0 +1,743 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Security Incident - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/during/security_incident_response/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/during/security_incident_response/" />
|
||||||
|
<meta property="og:title" content="Security Incident - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Security Incident - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
During an Incident <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Security Incident
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Security Incident" href="./">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Checklist" href="#checklist">
|
||||||
|
Checklist
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Attack Mitigation" href="#attack-mitigation">
|
||||||
|
Attack Mitigation
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Cut Off Attack Vector" href="#cut-off-attack-vector">
|
||||||
|
Cut Off Attack Vector
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Assemble Response Team" href="#assemble-response-team">
|
||||||
|
Assemble Response Team
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Isolate Affected Instances" href="#isolate-affected-instances">
|
||||||
|
Isolate Affected Instances
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Identify Timeline of Attack" href="#identify-timeline-of-attack">
|
||||||
|
Identify Timeline of Attack
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Compromised Data" href="#compromised-data">
|
||||||
|
Compromised Data
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Assess Risk" href="#assess-risk">
|
||||||
|
Assess Risk
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Apply Additional Mitigations" href="#apply-additional-mitigations">
|
||||||
|
Apply Additional Mitigations
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Forensic Analysis" href="#forensic-analysis">
|
||||||
|
Forensic Analysis
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Internal Communication" href="#internal-communication">
|
||||||
|
Internal Communication
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Liaise With Law Enforcement / External Actors" href="#liaise-with-law-enforcement-external-actors">
|
||||||
|
Liaise With Law Enforcement / External Actors
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="External Communication" href="#external-communication">
|
||||||
|
External Communication
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Additional Reading" href="#additional-reading">
|
||||||
|
Additional Reading
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../../training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../../training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../../training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../../training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../../training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../../training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Security Incident</h1>
|
||||||
|
|
||||||
|
<div class="admonition note">
|
||||||
|
<p class="admonition-title">Team Leader Required</p>
|
||||||
|
<p>As with all major incidents, security ones will also involve a Team Leader, who will delegate the tasks to relevant resolvers. Tasks may be performed in parallel as assigned by the TL. Contact one at the earliest possible opportunity.</p>
|
||||||
|
</div>
|
||||||
|
<h2 id="checklist">Checklist<a class="headerlink" href="#checklist" title="Permanent link">#</a></h2>
|
||||||
|
<p>Details for each of these items are available in the next section.</p>
|
||||||
|
<ol>
|
||||||
|
<li>Stop the attack in progress.</li>
|
||||||
|
<li>Cut off the attack vector.</li>
|
||||||
|
<li>Assemble the response team.</li>
|
||||||
|
<li>Isolate affected instances.</li>
|
||||||
|
<li>Identify timeline of attack.</li>
|
||||||
|
<li>Identify compromised data.</li>
|
||||||
|
<li>Assess risk to other systems.</li>
|
||||||
|
<li>Assess risk of re-attack.</li>
|
||||||
|
<li>Apply additional mitigations, additions to monitoring, etc.</li>
|
||||||
|
<li>Forensic analysis of compromised systems.</li>
|
||||||
|
<li>Internal communication.</li>
|
||||||
|
<li>Involve law enforcement.</li>
|
||||||
|
<li>Reach out to external parties that may have been used as vector for attack.</li>
|
||||||
|
<li>External communication.</li>
|
||||||
|
</ol>
|
||||||
|
<hr />
|
||||||
|
<h2 id="attack-mitigation">Attack Mitigation<a class="headerlink" href="#attack-mitigation" title="Permanent link">#</a></h2>
|
||||||
|
<p>Stop the attack as quickly as you can, via any means necessary. Shut down servers, network isolate them, turn off a data center if you have to. Some common things to try,</p>
|
||||||
|
<ul>
|
||||||
|
<li>Shutdown the instance from the provider console (do not delete or terminate if you can help it, as we'll need to do forensics).</li>
|
||||||
|
<li>If you happen to be logged into the box you can try to,<ul>
|
||||||
|
<li>Re-instate our default iptables rules to restrict traffic.</li>
|
||||||
|
<li><code>kill -9</code> any active session you think is an attacker.</li>
|
||||||
|
<li>Change root password, and update /etc/shadow to lock out all other users.</li>
|
||||||
|
<li><code>sudo shutdown now</code></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="cut-off-attack-vector">Cut Off Attack Vector<a class="headerlink" href="#cut-off-attack-vector" title="Permanent link">#</a></h2>
|
||||||
|
<p>Identify the likely attack vectors and path/fix them so they cannot be re-exploited immediately after stopping the attack.</p>
|
||||||
|
<ul>
|
||||||
|
<li>If you suspect a third-party provider is compromised, delete all accounts except your own (and those of others who are physically present) and immediately rotate your password and MFA tokens.</li>
|
||||||
|
<li>If you suspect a service application was an attack vector, disable any relevant code paths, or shut down the service entirely.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="assemble-response-team">Assemble Response Team<a class="headerlink" href="#assemble-response-team" title="Permanent link">#</a></h2>
|
||||||
|
<p>Identify the key responders for the security incident, and keep them all in the loop. Set up a secure method of communicating all information associated with the incident. Details on the incident (or even the fact that an incident has occurred) should be kept private to the responders until you are confident the attack is not being triggered internally.</p>
|
||||||
|
<ul>
|
||||||
|
<li>The security and site-reliability teams should usually be involved.</li>
|
||||||
|
<li>A representative for any affected services should be involved.</li>
|
||||||
|
<li>A Team Leader (TL) should be appointed, who will also appoint the usual incident command roles. The incident command team will be responsible for keeping documentation of actions taken, and for notifying internal stakeholders as appropriate.</li>
|
||||||
|
<li>Do not communicate with anyone not on the response team about the incident until forensics has been performed. The attack could be happening internally.</li>
|
||||||
|
<li>Give the project an innocuous codename that can be used for chats/documents so if anyone overhears they don't realize it's a security incident. (e.g. sapphire-unicorn).</li>
|
||||||
|
<li>Prefix all emails, and chat topics with "Attorney Work Project".</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="isolate-affected-instances">Isolate Affected Instances<a class="headerlink" href="#isolate-affected-instances" title="Permanent link">#</a></h2>
|
||||||
|
<p>Any instances which were affected by the attack should be immediately isolated from any other instances. As soon as possible, an image of the system should be taken and put into a read-only cold storage for later forensic analysis.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Blacklist the IP addresses for any affected instances from all other hosts.</li>
|
||||||
|
<li>Turn off and shutdown the instances immediately if you didn't do that to stop the attack.</li>
|
||||||
|
<li>Take a disk image for any disks attached to the instances, and ship them to an off-site cold storage location. You should make sure these images are read-only and cannot be tampered with.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="identify-timeline-of-attack">Identify Timeline of Attack<a class="headerlink" href="#identify-timeline-of-attack" title="Permanent link">#</a></h2>
|
||||||
|
<p>Work with all tools at your disposal to identify the timeline of the attack, along with exactly what the attacker did.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Any reconnaissance the attacker performed on the system before the attack started.</li>
|
||||||
|
<li>When the attacker gained access to the system.</li>
|
||||||
|
<li>What actions the attacker performed on the system, and when.</li>
|
||||||
|
<li>Identify how long the attacker had access to the system before they were detected, and before they were kicked out.</li>
|
||||||
|
<li>Identify any queries the attacker ran on databases.</li>
|
||||||
|
<li>Try to identify if the attacker still has access to the system via another back door. Monitor logs for unusual activity, etc.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="compromised-data">Compromised Data<a class="headerlink" href="#compromised-data" title="Permanent link">#</a></h2>
|
||||||
|
<p>Using forensic analysis of log files, time-series graphs, and any other information/tools at your disposal, attempt to identify what information was compromised (if any),</p>
|
||||||
|
<ul>
|
||||||
|
<li>Identify any data that was compromised during the attack.<ul>
|
||||||
|
<li>Was any data exfiltrated from a database?</li>
|
||||||
|
<li>What keys were on the system that are now considering compromised?</li>
|
||||||
|
<li>Was the attacker able to identify other components of the system (map out the network, etc).</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Find exactly what customer data has been compromised, if any.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="assess-risk">Assess Risk<a class="headerlink" href="#assess-risk" title="Permanent link">#</a></h2>
|
||||||
|
<p>Based on the data that was compromised, assess the risk to other systems.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Does the attacker have enough information to find another way in?</li>
|
||||||
|
<li>Were any passwords or keys stored on the host? If so, they should be considered compromised, regardless of how they were stored.</li>
|
||||||
|
<li>Any user accounts that were used in the initial attack should rotate all of their keys and passwords on every other system they have an account.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="apply-additional-mitigations">Apply Additional Mitigations<a class="headerlink" href="#apply-additional-mitigations" title="Permanent link">#</a></h2>
|
||||||
|
<p>Start applying mitigations to other parts of your system.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Rotate any compromised data.</li>
|
||||||
|
<li>Identify any new alerting which is needed to notify of a similar breach.</li>
|
||||||
|
<li>Block any IP addresses associated with the attack.</li>
|
||||||
|
<li>Identify any keys/credentials that are compromised and revoke their access immediately.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="forensic-analysis">Forensic Analysis<a class="headerlink" href="#forensic-analysis" title="Permanent link">#</a></h2>
|
||||||
|
<p>Once you are confident the systems are secured, and enough monitoring is in place to detect another attack, you can move onto the forensic analysis stage.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Take any read-only images you created, any access logs you have, and comb through them for more information about the attack.</li>
|
||||||
|
<li>Identify exactly what happened, how it happened, and how to prevent it in future.</li>
|
||||||
|
<li>Keep track of all IP addresses involved in the attack.</li>
|
||||||
|
<li>Monitor logs for any attempt to regain access to the system by the attacker.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="internal-communication">Internal Communication<a class="headerlink" href="#internal-communication" title="Permanent link">#</a></h2>
|
||||||
|
<p><strong>Delegate to:</strong> VP or Director of Engineering</p>
|
||||||
|
<p>Communicate internally only once you are confident (via forensic analysis) that the attack was not sourced internally.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Don't go into too much detail.</li>
|
||||||
|
<li>Overview the timeline.</li>
|
||||||
|
<li>Discuss mitigation steps taken.</li>
|
||||||
|
<li>Follow up with more information once it is known.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="liaise-with-law-enforcement-external-actors">Liaise With Law Enforcement / External Actors<a class="headerlink" href="#liaise-with-law-enforcement-external-actors" title="Permanent link">#</a></h2>
|
||||||
|
<p><strong>Delegate to:</strong> VP or Director of Engineering</p>
|
||||||
|
<p>Work with law enforcement to identify the source of the attack, letting any system owners know that systems under their control may be compromised, etc.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Contact local law enforcement.</li>
|
||||||
|
<li>Contact FBI.</li>
|
||||||
|
<li>Contact operators for any systems used in the attack, their systems may also have been compromised.</li>
|
||||||
|
<li>Contact security companies to help in assessing risk and any PR next steps.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="external-communication">External Communication<a class="headerlink" href="#external-communication" title="Permanent link">#</a></h2>
|
||||||
|
<p><strong>Delegate to:</strong> TL, Marketing Team</p>
|
||||||
|
<p>Once you have validated all of the information you have is accurate, have a timeline of events, and know exactly what information was compromised, how it was compromised, and sure that it won't happen again. Only then should you prepare and release a public statement to customers informing them of the compromised information and any steps they need to take.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Include the date in the title of any announcement, so that it's never confused for a potential new breach.</li>
|
||||||
|
<li>Don't say "We take security very seriously". It makes everyone cringe when they read it.</li>
|
||||||
|
<li>Be honest, accept responsibility, and present the facts, along with exactly how we plan to prevent such things in future.</li>
|
||||||
|
<li>Be as detailed as possible with the timeline.</li>
|
||||||
|
<li>Be as detailed as possible in what information was compromised, and how it affects customers. If we were storing something we shouldn't have been, be honest about it. It'll come out later and it'll be much worse.</li>
|
||||||
|
<li>Don't name and shame any external parties that might have caused the compromise. It's bad form. (Unless they've already publicly disclosed, in which case we can link to their disclosure).</li>
|
||||||
|
<li>Release the external communication as soon as possible, preferably within a few days of the compromise. The longer we wait, the worse it will be.</li>
|
||||||
|
<li>Figure out if there is a way to get in touch with customers' internal security teams before the general public notice is sent.</li>
|
||||||
|
</ul>
|
||||||
|
<hr />
|
||||||
|
<h2 id="additional-reading">Additional Reading<a class="headerlink" href="#additional-reading" title="Permanent link">#</a></h2>
|
||||||
|
<ul>
|
||||||
|
<li><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf">Computer Security Incident Handling Guide</a> (NIST)</li>
|
||||||
|
<li><a href="https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901">Incident Handler's Handbook</a> (SANS)</li>
|
||||||
|
<li><a href="https://technet.microsoft.com/en-us/library/cc700825.aspx">Responding to IT Security Incidents</a> (Microsoft)</li>
|
||||||
|
<li><a href="http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=7153">Defining Incident Management Processes for CSIRTs: A Work in Progress</a> (CMU)</li>
|
||||||
|
<li><a href="https://www.first.org/conference/2008/papers/killcrece-georgia-slides.pdf">Creating and Managing Computer Security Incident Handling Teams (CSIRTS)</a> (CERT)</li>
|
||||||
|
<li><a href="https://cloud.google.com/security/security-design/">Google Infrastructure Security Design Overview</a> (Google)</li>
|
||||||
|
</ul>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../during_an_incident/" title="During An Incident">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
During An Incident
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../../after/post_mortem_process/" title="Post-Mortem Process">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Post-Mortem Process
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
583
index.html
Normal file
@ -0,0 +1,583 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
<meta name="description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work.">
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="./assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="./assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="./assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/" />
|
||||||
|
<meta property="og:title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('./assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('./assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('./assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('./assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('./assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="./assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="./assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="./assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="./assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="./assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="">
|
||||||
|
Incident Response
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="./assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Home" href=".">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Being On-Call" href="#being-on-call">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Before an Incident" href="#before-an-incident">
|
||||||
|
Before an Incident
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="During an Incident" href="#during-an-incident">
|
||||||
|
During an Incident
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="After an Incident" href="#after-an-incident">
|
||||||
|
After an Incident
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Training" href="#training">
|
||||||
|
Training
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Additional Reading" href="#additional-reading">
|
||||||
|
Additional Reading
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Spearhead Systems Incident Response Documentation</h1>
|
||||||
|
|
||||||
|
<p>This documentation covers parts of the Spearhead Systems Incident Response process. It is a copy of <a href="https://github.com/PagerDuty/incident-response-docs/">PagerDuty's</a> documentation and furthermore a cut-down version of our own internal documentation, used at Spearhead Systems for any issue (incident or service request), and to prepare new employees for on-call responsibilities. It provides information not only on preparing for an incident or service request, but also what to do during and after. It is intended to be used by those involved in our operational technical support response process (or those wishing to become part of our support team). See the <a href="about/">about page</a> for more information on what this documentation is and why it exists.
|
||||||
|
This documentation is complementary to what is available in our <a href="https://sphsys.sharepoint.com">existing wiki</a> and other systems that have not been open sourced.</p>
|
||||||
|
<div class="admonition note">
|
||||||
|
<p class="admonition-title">Issue, Incident and Service Request</p>
|
||||||
|
<p>At Spearhead we use the term <em>issue</em> to define any request from our customers. Issues fall into two categories: "Service Requests (SR)" and "Incidents (IN)". An IN will generally be an issue that has impact on the normal functioning of the business while a SR generally does not.</p>
|
||||||
|
</div>
|
||||||
|
<p><img alt="Incident Response at Spearhead Systems" src="./assets/img/headers/sph_ir.jpg" /></p>
|
||||||
|
<h2 id="being-on-call">Being On-Call<a class="headerlink" href="#being-on-call" title="Permanent link">#</a></h2>
|
||||||
|
<p>If you've never been on-call before or part of a support delivery team, you might be wondering what it's all about. These pages describe what the expectations are, along with some resources to help you.</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="oncall/being_oncall/">Being On-Call</a> - <em>A guide to being on-call, both what your responsibilities are, and what they are not.</em></li>
|
||||||
|
<li><a href="oncall/alerting_principles/">Alerting Principles</a> - <em>The principles we use to determine what things notify an engineer, and what time of day they do so.</em></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="before-an-incident">Before an Incident<a class="headerlink" href="#before-an-incident" title="Permanent link">#</a></h2>
|
||||||
|
<p>Reading material for things you probably want to know before an incident occurs. You likely don't want to be reading these during an actual incident.</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="before/severity_levels/">Severity Levels</a> - <em>Information on our severity level classification. What constitutes a Low issue? What's a "Major Incident"?, etc.</em></li>
|
||||||
|
<li><a href="before/different_roles/">Different Roles for Incidents</a> - <em>Information on the roles during an incident; Team Leader, Sysadmin, etc.</em></li>
|
||||||
|
<li><a href="before/call_etiquette/">Incident Call Etiquette</a> - <em>Our etiquette guidelines for incident calls, before you find yourself in one.</em></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="during-an-incident">During an Incident<a class="headerlink" href="#during-an-incident" title="Permanent link">#</a></h2>
|
||||||
|
<p>Information and processes during an incident.</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="during/during_an_incident/">During an Incident</a> - <em>Information on what to do during an incident, and how to constructively contribute.</em></li>
|
||||||
|
<li><a href="during/security_incident_response/">Security Incident Response</a> - <em>Security incidents are handled differently to normal operational incidents.</em></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="after-an-incident">After an Incident<a class="headerlink" href="#after-an-incident" title="Permanent link">#</a></h2>
|
||||||
|
<p>Our followup processes, how we make sure we don't repeat mistakes and are always improving.</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="after/post_mortem_process/">Post-Mortem Process</a> - <em>Information on our post-mortem process; what's involved and how to write or run a post-mortem.</em></li>
|
||||||
|
<li><a href="after/post_mortem_template/">Post-Mortem Template</a> - <em>The template we use for writing our post-mortems for major incidents.</em></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="training">Training<a class="headerlink" href="#training" title="Permanent link">#</a></h2>
|
||||||
|
<p>So, you want to learn about incident response? You've come to the right place.</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="training/overview/">Training Overview</a> - <em>An overview of our training guides and additional training material from third-parties.</em></li>
|
||||||
|
<li><a href="training/incident_commander.md">Incident Commander Training</a> - <em>A guide to becoming our next Incident Commander.</em></li>
|
||||||
|
<li><a href="training/deputy.md">Deputy Training</a> - <em>How to be a deputy and back up the Incident Commander.</em></li>
|
||||||
|
<li><a href="training/scribe/">Scribe Training</a> - <em>A guide to scribing.</em></li>
|
||||||
|
<li><a href="training/subject_matter_expert/">Subject Matter Expert Training</a> - <em>A guide on responsibilities and behavior for all participants in a major incident.</em></li>
|
||||||
|
<li><a href="training/glossary/">Glossary of Incident Response Terms</a> - <em>A collection of terms that you may hear being used, along with their definition.</em></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="additional-reading">Additional Reading<a class="headerlink" href="#additional-reading" title="Permanent link">#</a></h2>
|
||||||
|
<p>Useful material and resources from external parties that are relevant to incident response.</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="http://shop.oreilly.com/product/0636920036159.do">Incident Management for Operations</a> (O'Reilly)</li>
|
||||||
|
<li><a href="http://shop.oreilly.com/product/9780596001308.do">Incident Response</a> (O'Reilly)</li>
|
||||||
|
<li><a href="http://extfiles.etsy.com/DebriefingFacilitationGuide.pdf">Debriefing Facilitation Guide</a> (Etsy)</li>
|
||||||
|
<li><a href="https://www.fema.gov/national-incident-management-system">US National Incident Management System (NIMS)</a> (FEMA)</li>
|
||||||
|
<li><a href="https://www.heavybit.com/library/video/every-minute-counts-coordinating-herokus-incident-response/">Every Minute Counts: Leading Heroku's Incident Response</a> (Blake Gentry)</li>
|
||||||
|
</ul>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="oncall/being_oncall/" title="Being On-Call">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Being On-Call
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '.';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="./assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
7
mkdocs/js/lunr.min.js
vendored
Normal file
1
mkdocs/js/mustache.min.js
vendored
Normal file
36
mkdocs/js/require.js
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
/*
|
||||||
|
RequireJS 2.1.16 Copyright (c) 2010-2015, The Dojo Foundation All Rights Reserved.
|
||||||
|
Available via the MIT or new BSD license.
|
||||||
|
see: http://github.com/jrburke/requirejs for details
|
||||||
|
*/
|
||||||
|
var requirejs,require,define;
|
||||||
|
(function(ba){function G(b){return"[object Function]"===K.call(b)}function H(b){return"[object Array]"===K.call(b)}function v(b,c){if(b){var d;for(d=0;d<b.length&&(!b[d]||!c(b[d],d,b));d+=1);}}function T(b,c){if(b){var d;for(d=b.length-1;-1<d&&(!b[d]||!c(b[d],d,b));d-=1);}}function t(b,c){return fa.call(b,c)}function m(b,c){return t(b,c)&&b[c]}function B(b,c){for(var d in b)if(t(b,d)&&c(b[d],d))break}function U(b,c,d,e){c&&B(c,function(c,g){if(d||!t(b,g))e&&"object"===typeof c&&c&&!H(c)&&!G(c)&&!(c instanceof
|
||||||
|
RegExp)?(b[g]||(b[g]={}),U(b[g],c,d,e)):b[g]=c});return b}function u(b,c){return function(){return c.apply(b,arguments)}}function ca(b){throw b;}function da(b){if(!b)return b;var c=ba;v(b.split("."),function(b){c=c[b]});return c}function C(b,c,d,e){c=Error(c+"\nhttp://requirejs.org/docs/errors.html#"+b);c.requireType=b;c.requireModules=e;d&&(c.originalError=d);return c}function ga(b){function c(a,k,b){var f,l,c,d,e,g,i,p,k=k&&k.split("/"),h=j.map,n=h&&h["*"];if(a){a=a.split("/");l=a.length-1;j.nodeIdCompat&&
|
||||||
|
Q.test(a[l])&&(a[l]=a[l].replace(Q,""));"."===a[0].charAt(0)&&k&&(l=k.slice(0,k.length-1),a=l.concat(a));l=a;for(c=0;c<l.length;c++)if(d=l[c],"."===d)l.splice(c,1),c-=1;else if(".."===d&&!(0===c||1==c&&".."===l[2]||".."===l[c-1])&&0<c)l.splice(c-1,2),c-=2;a=a.join("/")}if(b&&h&&(k||n)){l=a.split("/");c=l.length;a:for(;0<c;c-=1){e=l.slice(0,c).join("/");if(k)for(d=k.length;0<d;d-=1)if(b=m(h,k.slice(0,d).join("/")))if(b=m(b,e)){f=b;g=c;break a}!i&&(n&&m(n,e))&&(i=m(n,e),p=c)}!f&&i&&(f=i,g=p);f&&(l.splice(0,
|
||||||
|
g,f),a=l.join("/"))}return(f=m(j.pkgs,a))?f:a}function d(a){z&&v(document.getElementsByTagName("script"),function(k){if(k.getAttribute("data-requiremodule")===a&&k.getAttribute("data-requirecontext")===i.contextName)return k.parentNode.removeChild(k),!0})}function e(a){var k=m(j.paths,a);if(k&&H(k)&&1<k.length)return k.shift(),i.require.undef(a),i.makeRequire(null,{skipMap:!0})([a]),!0}function n(a){var k,c=a?a.indexOf("!"):-1;-1<c&&(k=a.substring(0,c),a=a.substring(c+1,a.length));return[k,a]}function p(a,
|
||||||
|
k,b,f){var l,d,e=null,g=k?k.name:null,j=a,p=!0,h="";a||(p=!1,a="_@r"+(K+=1));a=n(a);e=a[0];a=a[1];e&&(e=c(e,g,f),d=m(r,e));a&&(e?h=d&&d.normalize?d.normalize(a,function(a){return c(a,g,f)}):-1===a.indexOf("!")?c(a,g,f):a:(h=c(a,g,f),a=n(h),e=a[0],h=a[1],b=!0,l=i.nameToUrl(h)));b=e&&!d&&!b?"_unnormalized"+(O+=1):"";return{prefix:e,name:h,parentMap:k,unnormalized:!!b,url:l,originalName:j,isDefine:p,id:(e?e+"!"+h:h)+b}}function s(a){var k=a.id,b=m(h,k);b||(b=h[k]=new i.Module(a));return b}function q(a,
|
||||||
|
k,b){var f=a.id,c=m(h,f);if(t(r,f)&&(!c||c.defineEmitComplete))"defined"===k&&b(r[f]);else if(c=s(a),c.error&&"error"===k)b(c.error);else c.on(k,b)}function w(a,b){var c=a.requireModules,f=!1;if(b)b(a);else if(v(c,function(b){if(b=m(h,b))b.error=a,b.events.error&&(f=!0,b.emit("error",a))}),!f)g.onError(a)}function x(){R.length&&(ha.apply(A,[A.length,0].concat(R)),R=[])}function y(a){delete h[a];delete V[a]}function F(a,b,c){var f=a.map.id;a.error?a.emit("error",a.error):(b[f]=!0,v(a.depMaps,function(f,
|
||||||
|
d){var e=f.id,g=m(h,e);g&&(!a.depMatched[d]&&!c[e])&&(m(b,e)?(a.defineDep(d,r[e]),a.check()):F(g,b,c))}),c[f]=!0)}function D(){var a,b,c=(a=1E3*j.waitSeconds)&&i.startTime+a<(new Date).getTime(),f=[],l=[],g=!1,h=!0;if(!W){W=!0;B(V,function(a){var i=a.map,j=i.id;if(a.enabled&&(i.isDefine||l.push(a),!a.error))if(!a.inited&&c)e(j)?g=b=!0:(f.push(j),d(j));else if(!a.inited&&(a.fetched&&i.isDefine)&&(g=!0,!i.prefix))return h=!1});if(c&&f.length)return a=C("timeout","Load timeout for modules: "+f,null,
|
||||||
|
f),a.contextName=i.contextName,w(a);h&&v(l,function(a){F(a,{},{})});if((!c||b)&&g)if((z||ea)&&!X)X=setTimeout(function(){X=0;D()},50);W=!1}}function E(a){t(r,a[0])||s(p(a[0],null,!0)).init(a[1],a[2])}function I(a){var a=a.currentTarget||a.srcElement,b=i.onScriptLoad;a.detachEvent&&!Y?a.detachEvent("onreadystatechange",b):a.removeEventListener("load",b,!1);b=i.onScriptError;(!a.detachEvent||Y)&&a.removeEventListener("error",b,!1);return{node:a,id:a&&a.getAttribute("data-requiremodule")}}function J(){var a;
|
||||||
|
for(x();A.length;){a=A.shift();if(null===a[0])return w(C("mismatch","Mismatched anonymous define() module: "+a[a.length-1]));E(a)}}var W,Z,i,L,X,j={waitSeconds:7,baseUrl:"./",paths:{},bundles:{},pkgs:{},shim:{},config:{}},h={},V={},$={},A=[],r={},S={},aa={},K=1,O=1;L={require:function(a){return a.require?a.require:a.require=i.makeRequire(a.map)},exports:function(a){a.usingExports=!0;if(a.map.isDefine)return a.exports?r[a.map.id]=a.exports:a.exports=r[a.map.id]={}},module:function(a){return a.module?
|
||||||
|
a.module:a.module={id:a.map.id,uri:a.map.url,config:function(){return m(j.config,a.map.id)||{}},exports:a.exports||(a.exports={})}}};Z=function(a){this.events=m($,a.id)||{};this.map=a;this.shim=m(j.shim,a.id);this.depExports=[];this.depMaps=[];this.depMatched=[];this.pluginMaps={};this.depCount=0};Z.prototype={init:function(a,b,c,f){f=f||{};if(!this.inited){this.factory=b;if(c)this.on("error",c);else this.events.error&&(c=u(this,function(a){this.emit("error",a)}));this.depMaps=a&&a.slice(0);this.errback=
|
||||||
|
c;this.inited=!0;this.ignore=f.ignore;f.enabled||this.enabled?this.enable():this.check()}},defineDep:function(a,b){this.depMatched[a]||(this.depMatched[a]=!0,this.depCount-=1,this.depExports[a]=b)},fetch:function(){if(!this.fetched){this.fetched=!0;i.startTime=(new Date).getTime();var a=this.map;if(this.shim)i.makeRequire(this.map,{enableBuildCallback:!0})(this.shim.deps||[],u(this,function(){return a.prefix?this.callPlugin():this.load()}));else return a.prefix?this.callPlugin():this.load()}},load:function(){var a=
|
||||||
|
this.map.url;S[a]||(S[a]=!0,i.load(this.map.id,a))},check:function(){if(this.enabled&&!this.enabling){var a,b,c=this.map.id;b=this.depExports;var f=this.exports,l=this.factory;if(this.inited)if(this.error)this.emit("error",this.error);else{if(!this.defining){this.defining=!0;if(1>this.depCount&&!this.defined){if(G(l)){if(this.events.error&&this.map.isDefine||g.onError!==ca)try{f=i.execCb(c,l,b,f)}catch(d){a=d}else f=i.execCb(c,l,b,f);this.map.isDefine&&void 0===f&&((b=this.module)?f=b.exports:this.usingExports&&
|
||||||
|
(f=this.exports));if(a)return a.requireMap=this.map,a.requireModules=this.map.isDefine?[this.map.id]:null,a.requireType=this.map.isDefine?"define":"require",w(this.error=a)}else f=l;this.exports=f;if(this.map.isDefine&&!this.ignore&&(r[c]=f,g.onResourceLoad))g.onResourceLoad(i,this.map,this.depMaps);y(c);this.defined=!0}this.defining=!1;this.defined&&!this.defineEmitted&&(this.defineEmitted=!0,this.emit("defined",this.exports),this.defineEmitComplete=!0)}}else this.fetch()}},callPlugin:function(){var a=
|
||||||
|
this.map,b=a.id,d=p(a.prefix);this.depMaps.push(d);q(d,"defined",u(this,function(f){var l,d;d=m(aa,this.map.id);var e=this.map.name,P=this.map.parentMap?this.map.parentMap.name:null,n=i.makeRequire(a.parentMap,{enableBuildCallback:!0});if(this.map.unnormalized){if(f.normalize&&(e=f.normalize(e,function(a){return c(a,P,!0)})||""),f=p(a.prefix+"!"+e,this.map.parentMap),q(f,"defined",u(this,function(a){this.init([],function(){return a},null,{enabled:!0,ignore:!0})})),d=m(h,f.id)){this.depMaps.push(f);
|
||||||
|
if(this.events.error)d.on("error",u(this,function(a){this.emit("error",a)}));d.enable()}}else d?(this.map.url=i.nameToUrl(d),this.load()):(l=u(this,function(a){this.init([],function(){return a},null,{enabled:!0})}),l.error=u(this,function(a){this.inited=!0;this.error=a;a.requireModules=[b];B(h,function(a){0===a.map.id.indexOf(b+"_unnormalized")&&y(a.map.id)});w(a)}),l.fromText=u(this,function(f,c){var d=a.name,e=p(d),P=M;c&&(f=c);P&&(M=!1);s(e);t(j.config,b)&&(j.config[d]=j.config[b]);try{g.exec(f)}catch(h){return w(C("fromtexteval",
|
||||||
|
"fromText eval for "+b+" failed: "+h,h,[b]))}P&&(M=!0);this.depMaps.push(e);i.completeLoad(d);n([d],l)}),f.load(a.name,n,l,j))}));i.enable(d,this);this.pluginMaps[d.id]=d},enable:function(){V[this.map.id]=this;this.enabling=this.enabled=!0;v(this.depMaps,u(this,function(a,b){var c,f;if("string"===typeof a){a=p(a,this.map.isDefine?this.map:this.map.parentMap,!1,!this.skipMap);this.depMaps[b]=a;if(c=m(L,a.id)){this.depExports[b]=c(this);return}this.depCount+=1;q(a,"defined",u(this,function(a){this.defineDep(b,
|
||||||
|
a);this.check()}));this.errback?q(a,"error",u(this,this.errback)):this.events.error&&q(a,"error",u(this,function(a){this.emit("error",a)}))}c=a.id;f=h[c];!t(L,c)&&(f&&!f.enabled)&&i.enable(a,this)}));B(this.pluginMaps,u(this,function(a){var b=m(h,a.id);b&&!b.enabled&&i.enable(a,this)}));this.enabling=!1;this.check()},on:function(a,b){var c=this.events[a];c||(c=this.events[a]=[]);c.push(b)},emit:function(a,b){v(this.events[a],function(a){a(b)});"error"===a&&delete this.events[a]}};i={config:j,contextName:b,
|
||||||
|
registry:h,defined:r,urlFetched:S,defQueue:A,Module:Z,makeModuleMap:p,nextTick:g.nextTick,onError:w,configure:function(a){a.baseUrl&&"/"!==a.baseUrl.charAt(a.baseUrl.length-1)&&(a.baseUrl+="/");var b=j.shim,c={paths:!0,bundles:!0,config:!0,map:!0};B(a,function(a,b){c[b]?(j[b]||(j[b]={}),U(j[b],a,!0,!0)):j[b]=a});a.bundles&&B(a.bundles,function(a,b){v(a,function(a){a!==b&&(aa[a]=b)})});a.shim&&(B(a.shim,function(a,c){H(a)&&(a={deps:a});if((a.exports||a.init)&&!a.exportsFn)a.exportsFn=i.makeShimExports(a);
|
||||||
|
b[c]=a}),j.shim=b);a.packages&&v(a.packages,function(a){var b,a="string"===typeof a?{name:a}:a;b=a.name;a.location&&(j.paths[b]=a.location);j.pkgs[b]=a.name+"/"+(a.main||"main").replace(ia,"").replace(Q,"")});B(h,function(a,b){!a.inited&&!a.map.unnormalized&&(a.map=p(b))});if(a.deps||a.callback)i.require(a.deps||[],a.callback)},makeShimExports:function(a){return function(){var b;a.init&&(b=a.init.apply(ba,arguments));return b||a.exports&&da(a.exports)}},makeRequire:function(a,e){function j(c,d,m){var n,
|
||||||
|
q;e.enableBuildCallback&&(d&&G(d))&&(d.__requireJsBuild=!0);if("string"===typeof c){if(G(d))return w(C("requireargs","Invalid require call"),m);if(a&&t(L,c))return L[c](h[a.id]);if(g.get)return g.get(i,c,a,j);n=p(c,a,!1,!0);n=n.id;return!t(r,n)?w(C("notloaded",'Module name "'+n+'" has not been loaded yet for context: '+b+(a?"":". Use require([])"))):r[n]}J();i.nextTick(function(){J();q=s(p(null,a));q.skipMap=e.skipMap;q.init(c,d,m,{enabled:!0});D()});return j}e=e||{};U(j,{isBrowser:z,toUrl:function(b){var d,
|
||||||
|
e=b.lastIndexOf("."),k=b.split("/")[0];if(-1!==e&&(!("."===k||".."===k)||1<e))d=b.substring(e,b.length),b=b.substring(0,e);return i.nameToUrl(c(b,a&&a.id,!0),d,!0)},defined:function(b){return t(r,p(b,a,!1,!0).id)},specified:function(b){b=p(b,a,!1,!0).id;return t(r,b)||t(h,b)}});a||(j.undef=function(b){x();var c=p(b,a,!0),e=m(h,b);d(b);delete r[b];delete S[c.url];delete $[b];T(A,function(a,c){a[0]===b&&A.splice(c,1)});e&&(e.events.defined&&($[b]=e.events),y(b))});return j},enable:function(a){m(h,a.id)&&
|
||||||
|
s(a).enable()},completeLoad:function(a){var b,c,d=m(j.shim,a)||{},g=d.exports;for(x();A.length;){c=A.shift();if(null===c[0]){c[0]=a;if(b)break;b=!0}else c[0]===a&&(b=!0);E(c)}c=m(h,a);if(!b&&!t(r,a)&&c&&!c.inited){if(j.enforceDefine&&(!g||!da(g)))return e(a)?void 0:w(C("nodefine","No define call for "+a,null,[a]));E([a,d.deps||[],d.exportsFn])}D()},nameToUrl:function(a,b,c){var d,e,h;(d=m(j.pkgs,a))&&(a=d);if(d=m(aa,a))return i.nameToUrl(d,b,c);if(g.jsExtRegExp.test(a))d=a+(b||"");else{d=j.paths;
|
||||||
|
a=a.split("/");for(e=a.length;0<e;e-=1)if(h=a.slice(0,e).join("/"),h=m(d,h)){H(h)&&(h=h[0]);a.splice(0,e,h);break}d=a.join("/");d+=b||(/^data\:|\?/.test(d)||c?"":".js");d=("/"===d.charAt(0)||d.match(/^[\w\+\.\-]+:/)?"":j.baseUrl)+d}return j.urlArgs?d+((-1===d.indexOf("?")?"?":"&")+j.urlArgs):d},load:function(a,b){g.load(i,a,b)},execCb:function(a,b,c,d){return b.apply(d,c)},onScriptLoad:function(a){if("load"===a.type||ja.test((a.currentTarget||a.srcElement).readyState))N=null,a=I(a),i.completeLoad(a.id)},
|
||||||
|
onScriptError:function(a){var b=I(a);if(!e(b.id))return w(C("scripterror","Script error for: "+b.id,a,[b.id]))}};i.require=i.makeRequire();return i}var g,x,y,D,I,E,N,J,s,O,ka=/(\/\*([\s\S]*?)\*\/|([^:]|^)\/\/(.*)$)/mg,la=/[^.]\s*require\s*\(\s*["']([^'"\s]+)["']\s*\)/g,Q=/\.js$/,ia=/^\.\//;x=Object.prototype;var K=x.toString,fa=x.hasOwnProperty,ha=Array.prototype.splice,z=!!("undefined"!==typeof window&&"undefined"!==typeof navigator&&window.document),ea=!z&&"undefined"!==typeof importScripts,ja=
|
||||||
|
z&&"PLAYSTATION 3"===navigator.platform?/^complete$/:/^(complete|loaded)$/,Y="undefined"!==typeof opera&&"[object Opera]"===opera.toString(),F={},q={},R=[],M=!1;if("undefined"===typeof define){if("undefined"!==typeof requirejs){if(G(requirejs))return;q=requirejs;requirejs=void 0}"undefined"!==typeof require&&!G(require)&&(q=require,require=void 0);g=requirejs=function(b,c,d,e){var n,p="_";!H(b)&&"string"!==typeof b&&(n=b,H(c)?(b=c,c=d,d=e):b=[]);n&&n.context&&(p=n.context);(e=m(F,p))||(e=F[p]=g.s.newContext(p));
|
||||||
|
n&&e.configure(n);return e.require(b,c,d)};g.config=function(b){return g(b)};g.nextTick="undefined"!==typeof setTimeout?function(b){setTimeout(b,4)}:function(b){b()};require||(require=g);g.version="2.1.16";g.jsExtRegExp=/^\/|:|\?|\.js$/;g.isBrowser=z;x=g.s={contexts:F,newContext:ga};g({});v(["toUrl","undef","defined","specified"],function(b){g[b]=function(){var c=F._;return c.require[b].apply(c,arguments)}});if(z&&(y=x.head=document.getElementsByTagName("head")[0],D=document.getElementsByTagName("base")[0]))y=
|
||||||
|
x.head=D.parentNode;g.onError=ca;g.createNode=function(b){var c=b.xhtml?document.createElementNS("http://www.w3.org/1999/xhtml","html:script"):document.createElement("script");c.type=b.scriptType||"text/javascript";c.charset="utf-8";c.async=!0;return c};g.load=function(b,c,d){var e=b&&b.config||{};if(z)return e=g.createNode(e,c,d),e.setAttribute("data-requirecontext",b.contextName),e.setAttribute("data-requiremodule",c),e.attachEvent&&!(e.attachEvent.toString&&0>e.attachEvent.toString().indexOf("[native code"))&&
|
||||||
|
!Y?(M=!0,e.attachEvent("onreadystatechange",b.onScriptLoad)):(e.addEventListener("load",b.onScriptLoad,!1),e.addEventListener("error",b.onScriptError,!1)),e.src=d,J=e,D?y.insertBefore(e,D):y.appendChild(e),J=null,e;if(ea)try{importScripts(d),b.completeLoad(c)}catch(m){b.onError(C("importscripts","importScripts failed for "+c+" at "+d,m,[c]))}};z&&!q.skipDataMain&&T(document.getElementsByTagName("script"),function(b){y||(y=b.parentNode);if(I=b.getAttribute("data-main"))return s=I,q.baseUrl||(E=s.split("/"),
|
||||||
|
s=E.pop(),O=E.length?E.join("/")+"/":"./",q.baseUrl=O),s=s.replace(Q,""),g.jsExtRegExp.test(s)&&(s=I),q.deps=q.deps?q.deps.concat(s):[s],!0});define=function(b,c,d){var e,g;"string"!==typeof b&&(d=c,c=b,b=null);H(c)||(d=c,c=null);!c&&G(d)&&(c=[],d.length&&(d.toString().replace(ka,"").replace(la,function(b,d){c.push(d)}),c=(1===d.length?["require"]:["require","exports","module"]).concat(c)));if(M){if(!(e=J))N&&"interactive"===N.readyState||T(document.getElementsByTagName("script"),function(b){if("interactive"===
|
||||||
|
b.readyState)return N=b}),e=N;e&&(b||(b=e.getAttribute("data-requiremodule")),g=F[e.getAttribute("data-requirecontext")])}(g?g.defQueue:R).push([b,c,d])};define.amd={jQuery:!0};g.exec=function(b){return eval(b)};g(q)}})(this);
|
4
mkdocs/js/search-results-template.mustache
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
<article>
|
||||||
|
<h3><a href="{{location}}">{{title}}</a></h3>
|
||||||
|
<p>{{summary}}</p>
|
||||||
|
</article>
|
88
mkdocs/js/search.js
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
require([
|
||||||
|
base_url + '/mkdocs/js/mustache.min.js',
|
||||||
|
base_url + '/mkdocs/js/lunr.min.js',
|
||||||
|
'text!search-results-template.mustache',
|
||||||
|
'text!../search_index.json',
|
||||||
|
], function (Mustache, lunr, results_template, data) {
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
function getSearchTerm()
|
||||||
|
{
|
||||||
|
var sPageURL = window.location.search.substring(1);
|
||||||
|
var sURLVariables = sPageURL.split('&');
|
||||||
|
for (var i = 0; i < sURLVariables.length; i++)
|
||||||
|
{
|
||||||
|
var sParameterName = sURLVariables[i].split('=');
|
||||||
|
if (sParameterName[0] == 'q')
|
||||||
|
{
|
||||||
|
return decodeURIComponent(sParameterName[1].replace(/\+/g, '%20'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var index = lunr(function () {
|
||||||
|
this.field('title', {boost: 10});
|
||||||
|
this.field('text');
|
||||||
|
this.ref('location');
|
||||||
|
});
|
||||||
|
|
||||||
|
data = JSON.parse(data);
|
||||||
|
var documents = {};
|
||||||
|
|
||||||
|
for (var i=0; i < data.docs.length; i++){
|
||||||
|
var doc = data.docs[i];
|
||||||
|
doc.location = base_url + doc.location;
|
||||||
|
index.add(doc);
|
||||||
|
documents[doc.location] = doc;
|
||||||
|
}
|
||||||
|
|
||||||
|
var search = function(){
|
||||||
|
|
||||||
|
var query = document.getElementById('mkdocs-search-query').value;
|
||||||
|
var search_results = document.getElementById("mkdocs-search-results");
|
||||||
|
while (search_results.firstChild) {
|
||||||
|
search_results.removeChild(search_results.firstChild);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(query === ''){
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
var results = index.search(query);
|
||||||
|
|
||||||
|
if (results.length > 0){
|
||||||
|
for (var i=0; i < results.length; i++){
|
||||||
|
var result = results[i];
|
||||||
|
doc = documents[result.ref];
|
||||||
|
doc.base_url = base_url;
|
||||||
|
doc.summary = doc.text.substring(0, 200);
|
||||||
|
var html = Mustache.to_html(results_template, doc);
|
||||||
|
search_results.insertAdjacentHTML('beforeend', html);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
search_results.insertAdjacentHTML('beforeend', "<p>No results found</p>");
|
||||||
|
}
|
||||||
|
|
||||||
|
if(jQuery){
|
||||||
|
/*
|
||||||
|
* We currently only automatically hide bootstrap models. This
|
||||||
|
* requires jQuery to work.
|
||||||
|
*/
|
||||||
|
jQuery('#mkdocs_search_modal a').click(function(){
|
||||||
|
jQuery('#mkdocs_search_modal').modal('hide');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
var search_input = document.getElementById('mkdocs-search-query');
|
||||||
|
|
||||||
|
var term = getSearchTerm();
|
||||||
|
if (term){
|
||||||
|
search_input.value = term;
|
||||||
|
search();
|
||||||
|
}
|
||||||
|
|
||||||
|
search_input.addEventListener("keyup", search);
|
||||||
|
|
||||||
|
});
|
390
mkdocs/js/text.js
Normal file
@ -0,0 +1,390 @@
|
|||||||
|
/**
|
||||||
|
* @license RequireJS text 2.0.12 Copyright (c) 2010-2014, The Dojo Foundation All Rights Reserved.
|
||||||
|
* Available via the MIT or new BSD license.
|
||||||
|
* see: http://github.com/requirejs/text for details
|
||||||
|
*/
|
||||||
|
/*jslint regexp: true */
|
||||||
|
/*global require, XMLHttpRequest, ActiveXObject,
|
||||||
|
define, window, process, Packages,
|
||||||
|
java, location, Components, FileUtils */
|
||||||
|
|
||||||
|
define(['module'], function (module) {
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
var text, fs, Cc, Ci, xpcIsWindows,
|
||||||
|
progIds = ['Msxml2.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.4.0'],
|
||||||
|
xmlRegExp = /^\s*<\?xml(\s)+version=[\'\"](\d)*.(\d)*[\'\"](\s)*\?>/im,
|
||||||
|
bodyRegExp = /<body[^>]*>\s*([\s\S]+)\s*<\/body>/im,
|
||||||
|
hasLocation = typeof location !== 'undefined' && location.href,
|
||||||
|
defaultProtocol = hasLocation && location.protocol && location.protocol.replace(/\:/, ''),
|
||||||
|
defaultHostName = hasLocation && location.hostname,
|
||||||
|
defaultPort = hasLocation && (location.port || undefined),
|
||||||
|
buildMap = {},
|
||||||
|
masterConfig = (module.config && module.config()) || {};
|
||||||
|
|
||||||
|
text = {
|
||||||
|
version: '2.0.12',
|
||||||
|
|
||||||
|
strip: function (content) {
|
||||||
|
//Strips <?xml ...?> declarations so that external SVG and XML
|
||||||
|
//documents can be added to a document without worry. Also, if the string
|
||||||
|
//is an HTML document, only the part inside the body tag is returned.
|
||||||
|
if (content) {
|
||||||
|
content = content.replace(xmlRegExp, "");
|
||||||
|
var matches = content.match(bodyRegExp);
|
||||||
|
if (matches) {
|
||||||
|
content = matches[1];
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
content = "";
|
||||||
|
}
|
||||||
|
return content;
|
||||||
|
},
|
||||||
|
|
||||||
|
jsEscape: function (content) {
|
||||||
|
return content.replace(/(['\\])/g, '\\$1')
|
||||||
|
.replace(/[\f]/g, "\\f")
|
||||||
|
.replace(/[\b]/g, "\\b")
|
||||||
|
.replace(/[\n]/g, "\\n")
|
||||||
|
.replace(/[\t]/g, "\\t")
|
||||||
|
.replace(/[\r]/g, "\\r")
|
||||||
|
.replace(/[\u2028]/g, "\\u2028")
|
||||||
|
.replace(/[\u2029]/g, "\\u2029");
|
||||||
|
},
|
||||||
|
|
||||||
|
createXhr: masterConfig.createXhr || function () {
|
||||||
|
//Would love to dump the ActiveX crap in here. Need IE 6 to die first.
|
||||||
|
var xhr, i, progId;
|
||||||
|
if (typeof XMLHttpRequest !== "undefined") {
|
||||||
|
return new XMLHttpRequest();
|
||||||
|
} else if (typeof ActiveXObject !== "undefined") {
|
||||||
|
for (i = 0; i < 3; i += 1) {
|
||||||
|
progId = progIds[i];
|
||||||
|
try {
|
||||||
|
xhr = new ActiveXObject(progId);
|
||||||
|
} catch (e) {}
|
||||||
|
|
||||||
|
if (xhr) {
|
||||||
|
progIds = [progId]; // so faster next time
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return xhr;
|
||||||
|
},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Parses a resource name into its component parts. Resource names
|
||||||
|
* look like: module/name.ext!strip, where the !strip part is
|
||||||
|
* optional.
|
||||||
|
* @param {String} name the resource name
|
||||||
|
* @returns {Object} with properties "moduleName", "ext" and "strip"
|
||||||
|
* where strip is a boolean.
|
||||||
|
*/
|
||||||
|
parseName: function (name) {
|
||||||
|
var modName, ext, temp,
|
||||||
|
strip = false,
|
||||||
|
index = name.indexOf("."),
|
||||||
|
isRelative = name.indexOf('./') === 0 ||
|
||||||
|
name.indexOf('../') === 0;
|
||||||
|
|
||||||
|
if (index !== -1 && (!isRelative || index > 1)) {
|
||||||
|
modName = name.substring(0, index);
|
||||||
|
ext = name.substring(index + 1, name.length);
|
||||||
|
} else {
|
||||||
|
modName = name;
|
||||||
|
}
|
||||||
|
|
||||||
|
temp = ext || modName;
|
||||||
|
index = temp.indexOf("!");
|
||||||
|
if (index !== -1) {
|
||||||
|
//Pull off the strip arg.
|
||||||
|
strip = temp.substring(index + 1) === "strip";
|
||||||
|
temp = temp.substring(0, index);
|
||||||
|
if (ext) {
|
||||||
|
ext = temp;
|
||||||
|
} else {
|
||||||
|
modName = temp;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return {
|
||||||
|
moduleName: modName,
|
||||||
|
ext: ext,
|
||||||
|
strip: strip
|
||||||
|
};
|
||||||
|
},
|
||||||
|
|
||||||
|
xdRegExp: /^((\w+)\:)?\/\/([^\/\\]+)/,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Is an URL on another domain. Only works for browser use, returns
|
||||||
|
* false in non-browser environments. Only used to know if an
|
||||||
|
* optimized .js version of a text resource should be loaded
|
||||||
|
* instead.
|
||||||
|
* @param {String} url
|
||||||
|
* @returns Boolean
|
||||||
|
*/
|
||||||
|
useXhr: function (url, protocol, hostname, port) {
|
||||||
|
var uProtocol, uHostName, uPort,
|
||||||
|
match = text.xdRegExp.exec(url);
|
||||||
|
if (!match) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
uProtocol = match[2];
|
||||||
|
uHostName = match[3];
|
||||||
|
|
||||||
|
uHostName = uHostName.split(':');
|
||||||
|
uPort = uHostName[1];
|
||||||
|
uHostName = uHostName[0];
|
||||||
|
|
||||||
|
return (!uProtocol || uProtocol === protocol) &&
|
||||||
|
(!uHostName || uHostName.toLowerCase() === hostname.toLowerCase()) &&
|
||||||
|
((!uPort && !uHostName) || uPort === port);
|
||||||
|
},
|
||||||
|
|
||||||
|
finishLoad: function (name, strip, content, onLoad) {
|
||||||
|
content = strip ? text.strip(content) : content;
|
||||||
|
if (masterConfig.isBuild) {
|
||||||
|
buildMap[name] = content;
|
||||||
|
}
|
||||||
|
onLoad(content);
|
||||||
|
},
|
||||||
|
|
||||||
|
load: function (name, req, onLoad, config) {
|
||||||
|
//Name has format: some.module.filext!strip
|
||||||
|
//The strip part is optional.
|
||||||
|
//if strip is present, then that means only get the string contents
|
||||||
|
//inside a body tag in an HTML string. For XML/SVG content it means
|
||||||
|
//removing the <?xml ...?> declarations so the content can be inserted
|
||||||
|
//into the current doc without problems.
|
||||||
|
|
||||||
|
// Do not bother with the work if a build and text will
|
||||||
|
// not be inlined.
|
||||||
|
if (config && config.isBuild && !config.inlineText) {
|
||||||
|
onLoad();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
masterConfig.isBuild = config && config.isBuild;
|
||||||
|
|
||||||
|
var parsed = text.parseName(name),
|
||||||
|
nonStripName = parsed.moduleName +
|
||||||
|
(parsed.ext ? '.' + parsed.ext : ''),
|
||||||
|
url = req.toUrl(nonStripName),
|
||||||
|
useXhr = (masterConfig.useXhr) ||
|
||||||
|
text.useXhr;
|
||||||
|
|
||||||
|
// Do not load if it is an empty: url
|
||||||
|
if (url.indexOf('empty:') === 0) {
|
||||||
|
onLoad();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
//Load the text. Use XHR if possible and in a browser.
|
||||||
|
if (!hasLocation || useXhr(url, defaultProtocol, defaultHostName, defaultPort)) {
|
||||||
|
text.get(url, function (content) {
|
||||||
|
text.finishLoad(name, parsed.strip, content, onLoad);
|
||||||
|
}, function (err) {
|
||||||
|
if (onLoad.error) {
|
||||||
|
onLoad.error(err);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
//Need to fetch the resource across domains. Assume
|
||||||
|
//the resource has been optimized into a JS module. Fetch
|
||||||
|
//by the module name + extension, but do not include the
|
||||||
|
//!strip part to avoid file system issues.
|
||||||
|
req([nonStripName], function (content) {
|
||||||
|
text.finishLoad(parsed.moduleName + '.' + parsed.ext,
|
||||||
|
parsed.strip, content, onLoad);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
write: function (pluginName, moduleName, write, config) {
|
||||||
|
if (buildMap.hasOwnProperty(moduleName)) {
|
||||||
|
var content = text.jsEscape(buildMap[moduleName]);
|
||||||
|
write.asModule(pluginName + "!" + moduleName,
|
||||||
|
"define(function () { return '" +
|
||||||
|
content +
|
||||||
|
"';});\n");
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
writeFile: function (pluginName, moduleName, req, write, config) {
|
||||||
|
var parsed = text.parseName(moduleName),
|
||||||
|
extPart = parsed.ext ? '.' + parsed.ext : '',
|
||||||
|
nonStripName = parsed.moduleName + extPart,
|
||||||
|
//Use a '.js' file name so that it indicates it is a
|
||||||
|
//script that can be loaded across domains.
|
||||||
|
fileName = req.toUrl(parsed.moduleName + extPart) + '.js';
|
||||||
|
|
||||||
|
//Leverage own load() method to load plugin value, but only
|
||||||
|
//write out values that do not have the strip argument,
|
||||||
|
//to avoid any potential issues with ! in file names.
|
||||||
|
text.load(nonStripName, req, function (value) {
|
||||||
|
//Use own write() method to construct full module value.
|
||||||
|
//But need to create shell that translates writeFile's
|
||||||
|
//write() to the right interface.
|
||||||
|
var textWrite = function (contents) {
|
||||||
|
return write(fileName, contents);
|
||||||
|
};
|
||||||
|
textWrite.asModule = function (moduleName, contents) {
|
||||||
|
return write.asModule(moduleName, fileName, contents);
|
||||||
|
};
|
||||||
|
|
||||||
|
text.write(pluginName, nonStripName, textWrite, config);
|
||||||
|
}, config);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
if (masterConfig.env === 'node' || (!masterConfig.env &&
|
||||||
|
typeof process !== "undefined" &&
|
||||||
|
process.versions &&
|
||||||
|
!!process.versions.node &&
|
||||||
|
!process.versions['node-webkit'])) {
|
||||||
|
//Using special require.nodeRequire, something added by r.js.
|
||||||
|
fs = require.nodeRequire('fs');
|
||||||
|
|
||||||
|
text.get = function (url, callback, errback) {
|
||||||
|
try {
|
||||||
|
var file = fs.readFileSync(url, 'utf8');
|
||||||
|
//Remove BOM (Byte Mark Order) from utf8 files if it is there.
|
||||||
|
if (file.indexOf('\uFEFF') === 0) {
|
||||||
|
file = file.substring(1);
|
||||||
|
}
|
||||||
|
callback(file);
|
||||||
|
} catch (e) {
|
||||||
|
if (errback) {
|
||||||
|
errback(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
} else if (masterConfig.env === 'xhr' || (!masterConfig.env &&
|
||||||
|
text.createXhr())) {
|
||||||
|
text.get = function (url, callback, errback, headers) {
|
||||||
|
var xhr = text.createXhr(), header;
|
||||||
|
xhr.open('GET', url, true);
|
||||||
|
|
||||||
|
//Allow plugins direct access to xhr headers
|
||||||
|
if (headers) {
|
||||||
|
for (header in headers) {
|
||||||
|
if (headers.hasOwnProperty(header)) {
|
||||||
|
xhr.setRequestHeader(header.toLowerCase(), headers[header]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//Allow overrides specified in config
|
||||||
|
if (masterConfig.onXhr) {
|
||||||
|
masterConfig.onXhr(xhr, url);
|
||||||
|
}
|
||||||
|
|
||||||
|
xhr.onreadystatechange = function (evt) {
|
||||||
|
var status, err;
|
||||||
|
//Do not explicitly handle errors, those should be
|
||||||
|
//visible via console output in the browser.
|
||||||
|
if (xhr.readyState === 4) {
|
||||||
|
status = xhr.status || 0;
|
||||||
|
if (status > 399 && status < 600) {
|
||||||
|
//An http 4xx or 5xx error. Signal an error.
|
||||||
|
err = new Error(url + ' HTTP status: ' + status);
|
||||||
|
err.xhr = xhr;
|
||||||
|
if (errback) {
|
||||||
|
errback(err);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
callback(xhr.responseText);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (masterConfig.onXhrComplete) {
|
||||||
|
masterConfig.onXhrComplete(xhr, url);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
xhr.send(null);
|
||||||
|
};
|
||||||
|
} else if (masterConfig.env === 'rhino' || (!masterConfig.env &&
|
||||||
|
typeof Packages !== 'undefined' && typeof java !== 'undefined')) {
|
||||||
|
//Why Java, why is this so awkward?
|
||||||
|
text.get = function (url, callback) {
|
||||||
|
var stringBuffer, line,
|
||||||
|
encoding = "utf-8",
|
||||||
|
file = new java.io.File(url),
|
||||||
|
lineSeparator = java.lang.System.getProperty("line.separator"),
|
||||||
|
input = new java.io.BufferedReader(new java.io.InputStreamReader(new java.io.FileInputStream(file), encoding)),
|
||||||
|
content = '';
|
||||||
|
try {
|
||||||
|
stringBuffer = new java.lang.StringBuffer();
|
||||||
|
line = input.readLine();
|
||||||
|
|
||||||
|
// Byte Order Mark (BOM) - The Unicode Standard, version 3.0, page 324
|
||||||
|
// http://www.unicode.org/faq/utf_bom.html
|
||||||
|
|
||||||
|
// Note that when we use utf-8, the BOM should appear as "EF BB BF", but it doesn't due to this bug in the JDK:
|
||||||
|
// http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4508058
|
||||||
|
if (line && line.length() && line.charAt(0) === 0xfeff) {
|
||||||
|
// Eat the BOM, since we've already found the encoding on this file,
|
||||||
|
// and we plan to concatenating this buffer with others; the BOM should
|
||||||
|
// only appear at the top of a file.
|
||||||
|
line = line.substring(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (line !== null) {
|
||||||
|
stringBuffer.append(line);
|
||||||
|
}
|
||||||
|
|
||||||
|
while ((line = input.readLine()) !== null) {
|
||||||
|
stringBuffer.append(lineSeparator);
|
||||||
|
stringBuffer.append(line);
|
||||||
|
}
|
||||||
|
//Make sure we return a JavaScript string and not a Java string.
|
||||||
|
content = String(stringBuffer.toString()); //String
|
||||||
|
} finally {
|
||||||
|
input.close();
|
||||||
|
}
|
||||||
|
callback(content);
|
||||||
|
};
|
||||||
|
} else if (masterConfig.env === 'xpconnect' || (!masterConfig.env &&
|
||||||
|
typeof Components !== 'undefined' && Components.classes &&
|
||||||
|
Components.interfaces)) {
|
||||||
|
//Avert your gaze!
|
||||||
|
Cc = Components.classes;
|
||||||
|
Ci = Components.interfaces;
|
||||||
|
Components.utils['import']('resource://gre/modules/FileUtils.jsm');
|
||||||
|
xpcIsWindows = ('@mozilla.org/windows-registry-key;1' in Cc);
|
||||||
|
|
||||||
|
text.get = function (url, callback) {
|
||||||
|
var inStream, convertStream, fileObj,
|
||||||
|
readData = {};
|
||||||
|
|
||||||
|
if (xpcIsWindows) {
|
||||||
|
url = url.replace(/\//g, '\\');
|
||||||
|
}
|
||||||
|
|
||||||
|
fileObj = new FileUtils.File(url);
|
||||||
|
|
||||||
|
//XPCOM, you so crazy
|
||||||
|
try {
|
||||||
|
inStream = Cc['@mozilla.org/network/file-input-stream;1']
|
||||||
|
.createInstance(Ci.nsIFileInputStream);
|
||||||
|
inStream.init(fileObj, 1, 0, false);
|
||||||
|
|
||||||
|
convertStream = Cc['@mozilla.org/intl/converter-input-stream;1']
|
||||||
|
.createInstance(Ci.nsIConverterInputStream);
|
||||||
|
convertStream.init(inStream, "utf-8", inStream.available(),
|
||||||
|
Ci.nsIConverterInputStream.DEFAULT_REPLACEMENT_CHARACTER);
|
||||||
|
|
||||||
|
convertStream.readString(inStream.available(), readData);
|
||||||
|
convertStream.close();
|
||||||
|
inStream.close();
|
||||||
|
callback(readData.value);
|
||||||
|
} catch (e) {
|
||||||
|
throw new Error((fileObj && fileObj.path || '') + ': ' + e);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
return text;
|
||||||
|
});
|
839
mkdocs/search_index.json
Normal file
575
oncall/alerting_principles/index.html
Normal file
@ -0,0 +1,575 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Alerting Principles - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/oncall/alerting_principles/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/oncall/alerting_principles/" />
|
||||||
|
<meta property="og:title" content="Alerting Principles - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Alerting Principles - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
On-Call <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Alerting Principles
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Alerting Principles" href="./">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Examples" href="#examples">
|
||||||
|
Examples
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../../training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../../training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../../training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../../training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../../training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../../training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Alerting Principles</h1>
|
||||||
|
|
||||||
|
<p>We manage how we get alerted based on many factors such as the customers contractual SLA, the urgency of their request or incident, etc.. <strong>an alert or notification is something which requires a human to perform an action</strong>. Based on the severity of the issue (service request or incident) we prioritize accordingly in <a href="http://doit.sphs.ro">DoIT</a>.</p>
|
||||||
|
<div class="admonition warning">
|
||||||
|
<p class="admonition-title">Major Priority Alerts</p>
|
||||||
|
<p>Anything that wakes up a human in the middle of the night should be <strong>immediately human actionable</strong>. If it is none of those things, then we need to adjust the alert to not page at those times.</p>
|
||||||
|
</div>
|
||||||
|
<table>
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>Priority</th>
|
||||||
|
<th>Alerts</th>
|
||||||
|
<th>Response</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>Major</td>
|
||||||
|
<td>Major-Priority Spearhead Alert 24/7/365.</td>
|
||||||
|
<td>Requires <strong>immediate human action</strong>.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Normal</td>
|
||||||
|
<td>Normal-Priority Alert during <strong>business hours only</strong>.</td>
|
||||||
|
<td>Requires human action that same working day.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Minor</td>
|
||||||
|
<td>Minor-Priority Alert 24/7/365.</td>
|
||||||
|
<td>Requires human action at some point.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Notification</td>
|
||||||
|
<td>Suppressed Events. No response required.</td>
|
||||||
|
<td>Informational only. We do not need these to clutter our ticketing or inboxes. If they are enabled they should be sent only to required/specific people, not groups.</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<p>Both IN and SR (incidents, service requests) share the same priorities. The actual response / resolution times vary and are based upon contractual agreements with the customer. These details (SLA) are available in DoIT on the organization page of the respective customer.</p>
|
||||||
|
<p>If you're setting up a new alert/notification, consider the chart above for how you want to alert people. Be mindful of not creating new high-priority alerts if they don't require an immediate response, for example.</p>
|
||||||
|
<div class="admonition info">
|
||||||
|
<p class="admonition-title">Alert Channels</p>
|
||||||
|
<p>Presently we use email as the only notification method. This means keeping an eye on your email is essential!
|
||||||
|
SMS and Push notifications are in the pipeline for DoIT. </p>
|
||||||
|
</div>
|
||||||
|
<h2 id="examples">Examples<a class="headerlink" href="#examples" title="Permanent link">#</a></h2>
|
||||||
|
<h4 id="production-service-is-failing-for-75-of-requests-automation-is-unable-to-resolve_">"Production service is failing for 75% of requests, automation is unable to resolve."_<a class="headerlink" href="#production-service-is-failing-for-75-of-requests-automation-is-unable-to-resolve_" title="Permanent link">#</a></h4>
|
||||||
|
<p>This would be a <strong>Major</strong> priority IN, requiring immediate human action to resolve.</p>
|
||||||
|
<p><img alt="Major Urgency" src="../../assets/img/screenshots/prio-high.png" /></p>
|
||||||
|
<h4 id="a-customer-sends-an-email-stating-that-production-server-disk-space-is-filling-expected-to-be-full-in-48-hours-log-rotation-is-insufficient-to-resolve">"A customer sends an email stating that "Production server disk space is filling, expected to be full in 48 hours. Log rotation is insufficient to resolve."<a class="headerlink" href="#a-customer-sends-an-email-stating-that-production-server-disk-space-is-filling-expected-to-be-full-in-48-hours-log-rotation-is-insufficient-to-resolve" title="Permanent link">#</a></h4>
|
||||||
|
<p>This would be a <strong>Normal</strong> priority SR, requiring human action soon, but not immediately.</p>
|
||||||
|
<p><img alt="Normal Urgency" src="../../assets/img/screenshots/prio-norm.png" /></p>
|
||||||
|
<h4 id="an-ssl-certificate-is-due-to-expire-in-one-week">"An SSL certificate is due to expire in one week."<a class="headerlink" href="#an-ssl-certificate-is-due-to-expire-in-one-week" title="Permanent link">#</a></h4>
|
||||||
|
<p>This would be a <strong>Minor</strong> priority SR, requiring human action some time soon.</p>
|
||||||
|
<p><img alt="Minor Urgency" src="../../assets/img/screenshots/prio-low.png" /></p>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../being_oncall/" title="Being On-Call">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Being On-Call
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../../before/severity_levels/" title="Severity Levels">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Severity Levels
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
693
oncall/being_oncall/index.html
Normal file
@ -0,0 +1,693 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Being On-Call - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/oncall/being_oncall/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/oncall/being_oncall/" />
|
||||||
|
<meta property="og:title" content="Being On-Call - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Being On-Call - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
On-Call <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Being On-Call
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Being On-Call" href="./">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="What is On-Call?" href="#what-is-on-call">
|
||||||
|
What is On-Call?
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Responsibilities" href="#responsibilities">
|
||||||
|
Responsibilities
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Not Responsibilities" href="#not-responsibilities">
|
||||||
|
Not Responsibilities
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Recommendations" href="#recommendations">
|
||||||
|
Recommendations
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Etiquette" href="#etiquette">
|
||||||
|
Etiquette
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../../training/overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../../training/team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../../training/sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../../training/scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../../training/subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../../training/glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Being On-Call</h1>
|
||||||
|
|
||||||
|
<p>A summary of expectations and helpful information for being on-call.</p>
|
||||||
|
<p><img alt="Alert Fatigue" src="../../assets/img/misc/alert_fatigue.png" /></p>
|
||||||
|
<h2 id="what-is-on-call">What is On-Call?<a class="headerlink" href="#what-is-on-call" title="Permanent link">#</a></h2>
|
||||||
|
<p>At Spearhead being on-call means that you are able to be contacted at any time in order to investigate and fix issues that may arise. There are two on-call scenarios that you will deal with:</p>
|
||||||
|
<ul>
|
||||||
|
<li>during your normal work shift</li>
|
||||||
|
<li>being on-call for outside working hours</li>
|
||||||
|
</ul>
|
||||||
|
<p>For example, if you are on-call outside normal working hours, should any alarms be triggered by our monitoring solution, you will receive a "page" (an alert on your mobile device, email, phone call, or SMS, etc.) giving you details on what has broken. You will be expected to take whatever actions are necessary in order to resolve the issue and return your service to a normal state. </p>
|
||||||
|
<p>At Spearhead Systems we consider you are on-call during normal working hours in which case you are proactively working with <a href="http://doit.sphs.ro/">DoIT</a> and looking over your assigned cards/boards as well as when you are formally "on-call" and issues are being redirected to you.</p>
|
||||||
|
<p>On-call responsibilities extend beyond normal office hours, and if you are on-call you are expected to be able to respond to issues, even at 2am. This sounds horrible (and it can be), but this is what our customers go through, and is the problem that the Spearhead Systems professional services is trying to fix!</p>
|
||||||
|
<h2 id="responsibilities">Responsibilities<a class="headerlink" href="#responsibilities" title="Permanent link">#</a></h2>
|
||||||
|
<ol>
|
||||||
|
<li>
|
||||||
|
<p><strong>Prepare</strong></p>
|
||||||
|
<ul>
|
||||||
|
<li>Have your laptop and Internet with you (office, home, a MiFi dongle, a phone with a tethering plan, etc).<ul>
|
||||||
|
<li>Have a way to charge your MiFi.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Team alert escalation happens within 5 minutes, set/stagger your notification timeouts (push, SMS, phone...) accordingly.<ul>
|
||||||
|
<li>Make sure Spearhead Systems (and colleagues directly) texts and calls can bypass your "Do Not Disturb" settings.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Be prepared (environment is set up, you have remote access tools ready and functional, your credentials are current, you have Java installed, ssh-keys and so on...)</li>
|
||||||
|
<li>Read our Issue Response documentation (that's this!) to understand how we handle incidents and service requests, what the different roles and methods of communication are, etc.</li>
|
||||||
|
<li>Be aware of your upcoming on-call time (primary, backup) and arrange swaps around travel, vacations, appointments etc.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p><strong>Triage</strong></p>
|
||||||
|
<ul>
|
||||||
|
<li>Acknowledge and act on alerts whenever you can (see the first "Not responsibilities" point below)</li>
|
||||||
|
<li>Determine the urgency of the problem:<ul>
|
||||||
|
<li>Is it something that should be worked on right now or escalated into a major incident? ("production server on fire" situations. Security alerts) - do so.</li>
|
||||||
|
<li>Is it some tactical work that doesn't have to happen during the night? (for example, disk utilization high watermark, but there's plenty of space left and the trend is not indicating impending doom) - snooze the alert until a more suitable time (working hours, the next morning...) and get back to fixing it then.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Check Slack for current activity. Often (but not always) actions that could potentially cause alerts will be announced there.</li>
|
||||||
|
<li>Does the alert and your initial investigation indicate a general problem or an issue with a specific service that the relevant team should look into? If it does not look like a problem you are the expert for, then escalate to another team member or group.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p><strong>Fix</strong></p>
|
||||||
|
<ul>
|
||||||
|
<li>You are empowered to dive into any problem and act to fix it.</li>
|
||||||
|
<li>Involve other team members as necessary: do not hesitate to escalate if you cannot figure out the cause within a reasonable timeframe or if the service / alert is something you have not tackled before.</li>
|
||||||
|
<li>If the issue is not very time sensitive and you have other priority work, make a note of this in DoIT to keep a track of it (with an appropriate severity and due date).</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p><strong>Improve</strong></p>
|
||||||
|
<ul>
|
||||||
|
<li>If a particular issue keeps happening; if an issue alerts often but turns out to be a preventable non-issue – perhaps improving this should be a longer-term task.<ul>
|
||||||
|
<li>Disks that fill up, logs that should be rotated, noisy alerts...(we use ansible, go ahead and start automating!)</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>If information is difficult / impossible to find, write it down. Constantly refactor and improve our knowledge base and documentation. Add redundant links and pointers if your mental model of the wiki / codebase does not match the way it is currently organized.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p><strong>Support</strong></p>
|
||||||
|
<ul>
|
||||||
|
<li>When your on-call "shift" ends, let the next on-call and team know about issues that have not been resolved yet and other experiences of note.<ul>
|
||||||
|
<li>Make an effort to cleanly handover necessary information. We use Slack, email and DoIT to communicate. </li>
|
||||||
|
<li>This is a best-practice that should be applied whenever there are details that by sharong would benefit the efficiency of the team.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>If you are making a change that impacts the schedule (adding / removing yourself, for example), let others know since many of us make arrangements around the on-call schedule well in advance.</li>
|
||||||
|
<li>Support each other: when doing activities that might generate plenty of pages, it is courteous to "take the page" away from the on-call by notifying them and scheduling an override for the duration.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h2 id="not-responsibilities">Not Responsibilities<a class="headerlink" href="#not-responsibilities" title="Permanent link">#</a></h2>
|
||||||
|
<ol>
|
||||||
|
<li>
|
||||||
|
<p>No expectation to be the first to acknowledge <em>all</em> of the alerts during the on-call period.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Commute (and other necessary distractions) are facts of life, and sometimes it is not possible to receive or act on an alert before it escalates. That's why we have the backup on-call and schedule for.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>No expectation to fix all issues by yourself.</p>
|
||||||
|
<ul>
|
||||||
|
<li>No one knows everything. Your whole team is here to help. There is no shame, and much to be learned, by escalating issues you are not certain about. "Never hesitate to escalate".</li>
|
||||||
|
<li>Service owners will always know more about how their stuff works. Especially if our and their documentation is lacking, double-checking with the relevant team avoids mistakes. Measure twice, cut once – and it's often best to let the subject matter expert do the cutting.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h2 id="recommendations">Recommendations<a class="headerlink" href="#recommendations" title="Permanent link">#</a></h2>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>Always have a backup schedule. Yes, this means two people being on-call at the same time, however it takes a lot of the stress off of the primary if they know they have a specific backup they can contact, rather than trying to chose a random member of the team. </p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>The third-level of your escalation (after backup schedule) should probably be your entire team. This should hopefully never happen, but when it does, it's useful to be able to just get the next available person.</p>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<p><img alt="Escalation" src="../../assets/img/misc/escalation.png" /></p>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>Team leaders (TL) can (and should) be part of your normal rotation. It gives a better insight into what has been going on.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>New members of the team should shadow your on-call rotation during the first few weeks. They should get all alerts, and should follow along with what you are doing. (All new employees shadow the Support team for one week of on-call, but it's useful to have new team members shadow your team rotations also. Just not at the same time).</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Our escalation timeout is set to 5 minutes. This is usually plenty of time for someone to acknowledge the incident if they're able to. If they're not able to within 5 minutes, then they're probably not in a good position to respond to the incident anyway.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Triggering an escalation is done automatically in most situations based on the type, priority and severity of the issue.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>When going off-call, you should provide a quick summary to the next on-call about any issues that may come up during their shift. A service has been flapping, an issue is likely to re-occur, etc. If you want to be formal, this can be a written report via email, but generally a verbal summary is sufficient.</p>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<h3 id="notification-method-recommendations">Notification Method Recommendations<a class="headerlink" href="#notification-method-recommendations" title="Permanent link">#</a></h3>
|
||||||
|
<p>You are free to set up your notification rules as you see fit, to match how you would like to best respond to incidents. If you're not sure how to configure them, the Support team has some recommendations,</p>
|
||||||
|
<p><img alt="Mobile Alerts" src="../../assets/img/misc/mobile_alerts.png" /></p>
|
||||||
|
<ul>
|
||||||
|
<li>Use Push Notification and Email as your first method of notification. Most of us have phones with us at all times, so this is a prudent first method and is usually sufficient. (DoIT is in the process of integratoin with SNS for push notifications)</li>
|
||||||
|
<li>Use Phone and/or SMS notification each minute after, until the escalation time. If Push didn't work, then it's likely you need something stronger, like a phone call. Keep calling every minute until it's too late. If you don't pick up by the 3rd time, then it's unlikely you are able to respond, and the incident will get escalated away from you.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="etiquette">Etiquette<a class="headerlink" href="#etiquette" title="Permanent link">#</a></h2>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>If the current on-call comes into the office at 12pm looking tired, it's not because they're lazy. They probably got paged in the night. Cut them some slack and be nice.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Don't acknowledge an incident out from under someone else. If you didn't get paged for the incident, then you shouldn't be acknowledging it. Add a comment with your notes instead.</p>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<p><img alt="Acknowledging" src="../../assets/img/misc/ack.png" /></p>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>If you are testing something, or performing an action that you know will cause a page (notification, alert), it's customary to "take the pager" for the time during which you will be testing. Notify the person on-call that you are taking the pager for the next hour while you test.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>"Never hesitate to escalate" - Never feel ashamed to rope in someone else if you're not sure how to resolve an issue. Likewise, never look down on someone else if they ask you for help.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Always consider covering an hour or so of someone else's on-call time if they request it and you are able. We all have lives which might get in the way of on-call time, and one day it might be you who needs to swap their on-call time in order to have a night out with your friend from out of town.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>If an issue comes up during your on-call shift for which you got paged, you are responsible for resolving it. Even if it takes 3 hours and there's only 1 hour left of your shift. You can hand over to the next on-call if they agree, but you should never assume that's possible.</p>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../.." title="Home">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Home
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../alerting_principles/" title="Alerting Principles">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Alerting Principles
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
130
sitemap.xml
Normal file
@ -0,0 +1,130 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
||||||
|
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/oncall/being_oncall/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/oncall/alerting_principles/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/before/severity_levels/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/before/different_roles/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/before/call_etiquette/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/during/during_an_incident/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/during/security_incident_response/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/after/post_mortem_process/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/after/post_mortem_template/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/training/overview/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/training/team_leader/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/training/sysadmin/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/training/scribe/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/training/subject_matter_expert/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/training/glossary/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://response.spearhead.systems/about/</loc>
|
||||||
|
<lastmod>2017-01-21</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
|
||||||
|
</urlset>
|
563
training/glossary/index.html
Normal file
@ -0,0 +1,563 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Glossary - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/training/glossary/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/training/glossary/" />
|
||||||
|
<meta property="og:title" content="Glossary - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Glossary - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
Training <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Glossary
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Glossary" href="./">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Glossary</h1>
|
||||||
|
|
||||||
|
<p>Ever wonder what all of those strange words you sometimes see in our documentation mean? This page is here to help.</p>
|
||||||
|
<table>
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>Term</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td><strong>IC / Incident Commander</strong></td>
|
||||||
|
<td>The incident commander is the person responsible for bringing any major incident to resolution. They are the highest ranking individual on any major incident call, regardless of their day-to-day rank. Their decisions made as commander are final. <a href="../../before/different_roles/">More info</a>.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><strong>Deputy</strong></td>
|
||||||
|
<td>Typically the backup IC. The deputy's job is to support the IC during the call, providing them with any help they need. <a href="../../before/different_roles/">More info</a>.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><strong>Scribe</strong></td>
|
||||||
|
<td>The scribe's job is to keep a log of all activities performed during the call in a written chat log on Slack. <a href="../../before/different_roles/">More info</a>.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><strong>Resolver</strong></td>
|
||||||
|
<td>A person on the incident call who is able to help resolve issues within a particular system. Also referred to as an SME (see below). <a href="../../before/different_roles/">More info</a>.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><strong>SME</strong></td>
|
||||||
|
<td>"Subject Matter Expert", someone who is an expert in a particular service or subject who can provide information to the IC, and perform resolution actions for a particular system. <a href="../../before/different_roles/">More info</a>.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><strong>CAN Report</strong></td>
|
||||||
|
<td>CAN stands for "Conditions" "Actions" "Needs", if an IC asks you for a CAN report, you should provide the current state of your service (condition), what actions need to be taken to return it to a healthy state (actions), and what support you need in order to perform the actions (needs).</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><strong>Sev / Severity</strong></td>
|
||||||
|
<td>How severe the incident is. The "sev" of an incident determines the type of response we give. The higher the severity, the higher the likelihood of making risky actions to resolve the situation. <a href="../../before/severity_levels/">More info</a>.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><strong>Span of Control</strong></td>
|
||||||
|
<td>Refers to the number of direct reports you have. For example, if the IC has 10 people as direct reports on a call, they have a large span of control. We aim to make the span of control as minimal as we can while still being productive.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><strong>Grenade Thrower</strong></td>
|
||||||
|
<td>Someone who joins the call at a late time in the game, and provides information that completely derails the current thinking. They then leave almost immediately.</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><strong>Executive Swoop</strong></td>
|
||||||
|
<td>When an executive comes on the call and drops some sort of bombshell. A version of grenade throwing.</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../subject_matter_expert/" title="Subject Matter Expert">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Subject Matter Expert
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../../about/" title="About">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
About
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
545
training/overview/index.html
Normal file
@ -0,0 +1,545 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Overview - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/training/overview/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/training/overview/" />
|
||||||
|
<meta property="og:title" content="Overview - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Overview - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
Training <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Overview
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Overview" href="./">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Training Guides" href="#training-guides">
|
||||||
|
Training Guides
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="National Incident Management System (NIMS)" href="#national-incident-management-system-nims">
|
||||||
|
National Incident Management System (NIMS)
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Overview</h1>
|
||||||
|
|
||||||
|
<p>Learning about the Spearhead Systems incident response process is an important part of being an effective member of the Spearhead Systems team. This section goes over our training material for the various roles that are involved in our incident response, along with some additional information and training material from government agencies.</p>
|
||||||
|
<h2 id="training-guides">Training Guides<a class="headerlink" href="#training-guides" title="Permanent link">#</a></h2>
|
||||||
|
<p>Our training guides are split up by role, however you are encouraged to read through the training guides even for roles you don't belong to, as it can give you some good insight into how those people will be behaving during major incidents.</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="../team_leader/">Team Leader Training</a> - The "TL" is the person who drives a major incident to resolution. They're the person who will be directing everyone else.</li>
|
||||||
|
<li><a href="../sysadmin/">Sysadmin Training</a> - The Sysadmin is someone who supports the Team Leader and can take over for them if necessary.</li>
|
||||||
|
<li><a href="../scribe/">Scribe Training</a> - This is intended for individuals who will be acting as a scribe during an incident.</li>
|
||||||
|
<li><a href="../subject_matter_expert/">SME / Resolver Training</a> - This is relevant to everyone at Spearhead Systems who are on-call for any team or during projects.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="national-incident-management-system-nims">National Incident Management System (NIMS)<a class="headerlink" href="#national-incident-management-system-nims" title="Permanent link">#</a></h2>
|
||||||
|
<p>Our incident response process is loosely based on the <a href="https://www.fema.gov/national-incident-management-system">US National Incident Management System (NIMS)</a>, which is described as,</p>
|
||||||
|
<p><em>A systematic, proactive approach to guide departments and agencies at all levels of government, nongovernmental organizations, and the private sector to work together seamlessly and manage incidents involving all threats and hazards—regardless of cause, size, location, or complexity—in order to reduce loss of life, property and harm to the environment.</em></p>
|
||||||
|
<p>While it might not initially seem that this would be applicable to an IT operations environment, we've found that many of the lessons learned from major incidents in these situations can be directly applied to our industry too. The principles are the same and span many different environments.</p>
|
||||||
|
<p><a href="https://www.fema.gov/pdf/emergency/nims/NIMS_core.pdf"><img alt="NIMS" src="../../assets/img/thumbnails/nims_core.png" /></a> <a href="https://www.fema.gov/pdf/emergency/nims/nims_training_program.pdf"><img alt="NIMS Training" src="../../assets/img/thumbnails/nims_training.png" /></a></p>
|
||||||
|
<p>If you want to learn more about NIMS, we recommend the <a href="https://training.fema.gov/is/courseoverview.aspx?code=IS-100.b">ICS-100</a> and <a href="https://training.fema.gov/is/courseoverview.aspx?code=IS-700.a">ICS-700</a> online training courses, which go over NIMS and the Incident Command System (You can also take an online examination after training in order to get a certificate from FEMA). There is also a wealth of <a href="https://training.fema.gov/nims/">additional training material and courses from FEMA</a> on NIMS, which I would encourage you to look at.</p>
|
||||||
|
<p>Many cities offer CERT training, after which you can volunteer as a CERT contributor within your community. Not only is it an opportunity to get real world experience with disaster response, but the skills you learn can be applied to everyday life too.</p>
|
||||||
|
<p>Also take a look at the <a href="../../#additional-reading">Additional Reading</a> section on the home page.</p>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../../after/post_mortem_template/" title="Post-Mortem Template">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Post-Mortem Template
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../team_leader/" title="Team Leader">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Team Leader
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
621
training/scribe/index.html
Normal file
@ -0,0 +1,621 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Scribe - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/training/scribe/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/training/scribe/" />
|
||||||
|
<meta property="og:title" content="Scribe - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Scribe - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
Training <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Scribe
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Scribe" href="./">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Purpose" href="#purpose">
|
||||||
|
Purpose
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Prerequisites" href="#prerequisites">
|
||||||
|
Prerequisites
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Responsibilities" href="#responsibilities">
|
||||||
|
Responsibilities
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Training Process" href="#training-process">
|
||||||
|
Training Process
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Scribing" href="#scribing">
|
||||||
|
Scribing
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Incident Call Procedures and Lingo" href="#incident-call-procedures-and-lingo">
|
||||||
|
Incident Call Procedures and Lingo
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Scribe</h1>
|
||||||
|
|
||||||
|
<p>So you want to be a scribe? You've come to the right place! You don't need to be a senior team member to become a deputy or scribe, anyone can do it providing you have the requisite knowledge!</p>
|
||||||
|
<p><img alt="Typewriter" src="../../assets/img/headers/typewriter.jpg" />
|
||||||
|
<em>Credit: <a href="http://www.publicdomainpictures.net/view-image.php?image=49706&picture=antique-typewriter-keys">Holly Chaffin</a></em></p>
|
||||||
|
<h2 id="purpose">Purpose<a class="headerlink" href="#purpose" title="Permanent link">#</a></h2>
|
||||||
|
<p>The purpose of the Scribe is to maintain a timeline of key events during an incident. Documenting actions, and keeping track of any followup items that will need to be addressed.</p>
|
||||||
|
<p>It's important for the rest of the command staff to be able to focus on the problem at hand, rather than worrying about documenting the steps.</p>
|
||||||
|
<p>Your job as Scribe is to listen to the call and to watch the incident Slack room and DoIT card(s), keeping track of context and actions that need to be performed, documenting these as you go. <strong>You should not be performing any remediations, checking graphs, or investigating logs.</strong> Those tasks will be delegated to the subject matter experts (SME's) by the Team Leader.</p>
|
||||||
|
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link">#</a></h2>
|
||||||
|
<p>Before you can be a Scribe, it is expected that you meet the following criteria. Don't worry if you don't meet them all yet, you can still continue with training!</p>
|
||||||
|
<ul>
|
||||||
|
<li>Excellent verbal and written <strong>communication skills</strong>.</li>
|
||||||
|
<li>Has <strong>knowledge of obscure PagerDuty terms</strong>.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="responsibilities">Responsibilities<a class="headerlink" href="#responsibilities" title="Permanent link">#</a></h2>
|
||||||
|
<p>Read up on our <a href="../../before/different_roles/">Different Roles for Incidents</a> to see what is expected from a Scribe, as well as what we expect from the other roles you'll be interacting with.</p>
|
||||||
|
<h2 id="training-process">Training Process<a class="headerlink" href="#training-process" title="Permanent link">#</a></h2>
|
||||||
|
<p>There is no formal training process for this role, reading this page should be sufficient for most tasks. Here's a list of things you can do to train though,</p>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>Read the rest of this page, particularly the sections below.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Participate in <a href="https://dod.spearhead.systems/">Friday DoD</a> (DoD).</p>
|
||||||
|
<ul>
|
||||||
|
<li>Shadow a DoD to see how it's run.</li>
|
||||||
|
<li>Be the scribe for multiple DoD's.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="scribing">Scribing<a class="headerlink" href="#scribing" title="Permanent link">#</a></h2>
|
||||||
|
<p>Scribing is more art than science. The objective is to keep an accurate record of important events that occurred on the call, so that we can look back at the timeline to see what happened. But what exactly is important? There's no overwhelming answer, and it really comes down the judgement and experience. But here are some general things you most definitely want to capture as scribe.</p>
|
||||||
|
<ul>
|
||||||
|
<li>The result of any polling decisions.<ul>
|
||||||
|
<li><span class="bad">✘</span> This is not "9 people voted yay, 3 voted nay".</li>
|
||||||
|
<li><span class="good">✓</span> It is "Polled for if we should do rolling restart. <USER_A> is proceeding with restart."</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Any followup items that are called out as "We should do this..", "Why didn't this?..", etc.<ul>
|
||||||
|
<li><span class="bad">✘</span> This is not "Why isn't the Support representative on the call?"</li>
|
||||||
|
<li><span class="good">✓</span> This is "TODO: Why didn't we get paged for this earlier?"</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="incident-call-procedures-and-lingo">Incident Call Procedures and Lingo<a class="headerlink" href="#incident-call-procedures-and-lingo" title="Permanent link">#</a></h2>
|
||||||
|
<p>The <a href="../../during/during_an_incident/">Steps for Scribe</a> provide a detailed description of what you should be doing during an incident.</p>
|
||||||
|
<p>Here are some examples of phrases and patterns you should use during incident calls.</p>
|
||||||
|
<h3 id="status-stalking">Status Stalking<a class="headerlink" href="#status-stalking" title="Permanent link">#</a></h3>
|
||||||
|
<p>At the start of any major incident call, you should start our status stalking bot, so that it will post to the room an update automatically.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>!status stalk</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>This will provide the update and allow the TL to see the status without having to keep asking.</p>
|
||||||
|
<h3 id="note-important-actions">Note Important Actions<a class="headerlink" href="#note-important-actions" title="Permanent link">#</a></h3>
|
||||||
|
<p>During a call, you will hear lots of discussion happening, you should not be documenting all of this in the chat room. You only want to document things which will be important for the final timeline. It's not always obvious what this might be, and it's usually a matter of judgement. You generally want to note any actions the TL has asked someone to perform, along with the result of any polling decisions.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Polled for decision on whether to perform rolling restart. We are proceeding with restart. [USER_A] to execute.</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>Some actions might seem important at the time, but end up not being. That's OK. It's better to have more info than not enough, but don't go overboard.</p>
|
||||||
|
<h3 id="note-followup-actions">Note Followup Actions<a class="headerlink" href="#note-followup-actions" title="Permanent link">#</a></h3>
|
||||||
|
<p>Sometimes during the call, someone will either mention something we "should fix", or the TL will specifically ask you to note a followup item. You can do this in Slack and DoIT by simply prefixing with "TODO", this will make it easier to search for later.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>TODO: Why did we not get paged for the fall in traffic on [X] cluster?</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>The post-mortem owner will find these after and raise tasks for them.</p>
|
||||||
|
<h3 id="end-of-call-notification">End of Call Notification<a class="headerlink" href="#end-of-call-notification" title="Permanent link">#</a></h3>
|
||||||
|
<p>When the TL ends the call, you should post a message into Slack to let everyone know the call is over (and notify customers directly via their preffer communications channel), and that they should continue discussion elsewhere.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Call is over, thanks everyone. Follow up in Slack.</p>
|
||||||
|
</blockquote>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../sysadmin/" title="Sysadmin">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Sysadmin
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../subject_matter_expert/" title="Subject Matter Expert">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Subject Matter Expert
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
601
training/subject_matter_expert/index.html
Normal file
@ -0,0 +1,601 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Subject Matter Expert - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/training/subject_matter_expert/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/training/subject_matter_expert/" />
|
||||||
|
<meta property="og:title" content="Subject Matter Expert - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Subject Matter Expert - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
Training <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Subject Matter Expert
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Subject Matter Expert" href="./">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="On-Call Expectations" href="#on-call-expectations">
|
||||||
|
On-Call Expectations
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Response Mobilization" href="#response-mobilization">
|
||||||
|
Response Mobilization
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title=""Never Hesitate to Escalate"" href="#never-hesitate-to-escalate">
|
||||||
|
"Never Hesitate to Escalate"
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Blameless" href="#blameless">
|
||||||
|
Blameless
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Wartime vs Peacetime" href="#wartime-vs-peacetime">
|
||||||
|
Wartime vs Peacetime
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Subject Matter Expert</h1>
|
||||||
|
|
||||||
|
<p>If you are on-call for any team at Spearhead Systems, you may be paged for a major incident and will be expected to respond as a subject matter expert (SME) for your service. This page details everything you need to know in order to be prepared for that responsibility. If you are interested in becoming an Team Leader, take a look at the <a href="../team_leader/">Team Leader Training page</a>.</p>
|
||||||
|
<p><img alt="Incident Response" src="../../assets/img/headers/incident_response.jpg" />
|
||||||
|
<em>Credit: <a href="https://www.flickr.com/photos/oregondot/8743809853/in/album-72157633494644719/">oregondot @ Flickr</a></em></p>
|
||||||
|
<h2 id="on-call-expectations">On-Call Expectations<a class="headerlink" href="#on-call-expectations" title="Permanent link">#</a></h2>
|
||||||
|
<p>If you are on-call for your team, there are certain expectations of you as that on-call. This applies to both the primary and secondary on-calls. Getting paged about a IN-3 or SR-3 in your system comes with different expectations than getting paged with a IN-1.</p>
|
||||||
|
<h3 id="before-going-on-call">Before Going On-Call<a class="headerlink" href="#before-going-on-call" title="Permanent link">#</a></h3>
|
||||||
|
<ol>
|
||||||
|
<li>Be prepared, by having already familiarized yourself with our incident response policies and procedures. In particular,<ol>
|
||||||
|
<li><a href="../../before/different_roles/">Different Roles for Incidents</a> - You will be acting as a "Resolver" or "SME". But you should familiarize yourself with the other roles and what they will be doing.</li>
|
||||||
|
<li><a href="../../before/call_etiquette/">Incident Call Etiquette</a> - How to behave during an incident call.</li>
|
||||||
|
<li><a href="../../during/during_an_incident/">During an Incident</a> - What to do during an incident. You are specifically interested in the "Resolver" steps, but you should familiarize yourself with the entire document.</li>
|
||||||
|
<li><a href="../glossary/">Glossary</a> - Familiarize yourself with the terminology that may be used during the call.</li>
|
||||||
|
</ol>
|
||||||
|
</li>
|
||||||
|
<li>Make sure you have set up your alerting methods, and that these can bypass your "Do Not Disturb" settings.</li>
|
||||||
|
<li>Check you can join the incident call. You may need to install a browser plugin. You don't want to be doing that the first time you get paged.</li>
|
||||||
|
<li>Be aware of your upcoming on-call time and arrange swaps around travel, vacations, appointments, etc.</li>
|
||||||
|
<li>If you are an Team Leader, make sure you are not on-call for your team at the same time as being on-call as Team Leader.</li>
|
||||||
|
</ol>
|
||||||
|
<h3 id="during-on-call-period">During On-Call Period<a class="headerlink" href="#during-on-call-period" title="Permanent link">#</a></h3>
|
||||||
|
<ol>
|
||||||
|
<li>Have your laptop and Internet with you at all times during your on-call period (office, home, a MiFi, a phone with a tethering plan, etc).</li>
|
||||||
|
<li>If you have important appointments, you need to get someone else on your team to cover that time slot in advance.</li>
|
||||||
|
<li>When you receive an alert for a major incident, you are expected to join the incident call and Slack as quickly as possible (within minutes).<ol>
|
||||||
|
<li>You will be asked questions or given actions by the Team Leader. Answer questions concisely, and follow all actions given (even if you disagree with them).</li>
|
||||||
|
</ol>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h2 id="response-mobilization">Response Mobilization<a class="headerlink" href="#response-mobilization" title="Permanent link">#</a></h2>
|
||||||
|
<p>When an incident occurs, you must be mobilized or assigned to become part of the incident response. In other words, until you are mobilized to the incident via a page or being directly asked by someone else on the incident, you remain in your everyday role. After being mobilized, your first task is to check in and receive an assignment. While it's tempting to see an incident happening and want to jump in and help, when resources show up that have not been requested, the management of the incident can be compromised.</p>
|
||||||
|
<h2 id="never-hesitate-to-escalate">"Never Hesitate to Escalate"<a class="headerlink" href="#never-hesitate-to-escalate" title="Permanent link">#</a></h2>
|
||||||
|
<p>If you're not sure about something, it is perfectly acceptable to bring in other SMEs from your team that you believe know a given system better than you. Don't let your ego keep you from bringing in additional help. Our motto is "Never hesitate to escalate", you will never be looked down upon for escalating something because you didn't know how to handle it.</p>
|
||||||
|
<h2 id="blameless">Blameless<a class="headerlink" href="#blameless" title="Permanent link">#</a></h2>
|
||||||
|
<p>There will be incidents. Some will be caused by you, some will be caused by others... some will just happen. Our entire incident response process is completely blameless. Blaming people is counter productive and just distracts from the problem at hand. No matter how an incident started, they all need to get solved as quickly as possible.</p>
|
||||||
|
<h2 id="wartime-vs-peacetime">Wartime vs Peacetime<a class="headerlink" href="#wartime-vs-peacetime" title="Permanent link">#</a></h2>
|
||||||
|
<p>Behavior during a major incident is very different to any other alert you may have received in the past. We call a major incident "wartime", and make a distinction between that and normal everyday operations ("peacetime").</p>
|
||||||
|
<h3 id="peacetime">Peacetime<a class="headerlink" href="#peacetime" title="Permanent link">#</a></h3>
|
||||||
|
<p>The organizational structure is generally based on seniority. The more senior members of a team will lead discussions, and managers or team leads will have the final say. Decisions are made after careful consideration of all options, and to minimize potential risk to customers.</p>
|
||||||
|
<h3 id="wartime">Wartime<a class="headerlink" href="#wartime" title="Permanent link">#</a></h3>
|
||||||
|
<p>Wartime is different, and you will notice on our major incident calls that there's a different organizational structure.</p>
|
||||||
|
<ul>
|
||||||
|
<li>The Team Leader is in charge. No matter their rank during peacetime, they are now the highest ranked individual on the call, higher than the CEO.</li>
|
||||||
|
<li>Primary responders (folks acting as primary on-call for a team/service) are the highest ranked individuals for that service.</li>
|
||||||
|
<li>Decisions will be made by the TL after consideration of the information presented. Once that decision is made, it is final.</li>
|
||||||
|
<li>Riskier decisions can be made by the TL than would normally be considered during peacetime.<ul>
|
||||||
|
<li>For example, the TL may decide to drop events for a particular customer in order to maintain the integrity of the system for everyone else.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>The TL may go against a consensus decision. If a poll is done, and 9/10 people agree but 1 disagrees. The TL may choose the disagreement option despite a majority vote.<ul>
|
||||||
|
<li>Even if you disagree, the TL's decision is final. During the call is not the time to argue with them.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>The TL may use language or behave in a way you find rude. This is wartime, and they need to do whatever it takes to resolve the situation, so sometimes rudeness occurs. This is never anything personal, and something you should be prepared to experience if you've never been in a wartime situation before.</li>
|
||||||
|
<li>You may be asked to leave the call by the TL, or you may even be forceable kicked off a call. It is at the TL's discretion to do this if they feel you are not providing useful input. Again, this is nothing personal and you should remember that wartime is different than peacetime.</li>
|
||||||
|
</ul>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../scribe/" title="Scribe">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Scribe
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../glossary/" title="Glossary">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Glossary
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
592
training/sysadmin/index.html
Normal file
@ -0,0 +1,592 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Sysadmin - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/training/sysadmin/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/training/sysadmin/" />
|
||||||
|
<meta property="og:title" content="Sysadmin - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Sysadmin - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
Training <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Sysadmin
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Team Leader" href="../team_leader/">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Sysadmin" href="./">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Purpose" href="#purpose">
|
||||||
|
Purpose
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Prerequisites" href="#prerequisites">
|
||||||
|
Prerequisites
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Responsibilities" href="#responsibilities">
|
||||||
|
Responsibilities
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Training Process" href="#training-process">
|
||||||
|
Training Process
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Incident Call Procedures and Lingo" href="#incident-call-procedures-and-lingo">
|
||||||
|
Incident Call Procedures and Lingo
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Sysadmin</h1>
|
||||||
|
|
||||||
|
<p>So you want to be a Sysadmin? You've come to the right place!</p>
|
||||||
|
<p><img alt="Deputy" src="../../assets/img/headers/incident_command_support.jpg" />
|
||||||
|
<em>Credit: <a href="https://www.flickr.com/photos/oregondot/8743801731/in/album-72157633494644719/">oregondot @ Flickr</a></em></p>
|
||||||
|
<h2 id="purpose">Purpose<a class="headerlink" href="#purpose" title="Permanent link">#</a></h2>
|
||||||
|
<p>The purpose of the Sysadmin is to support the TL by keeping track of timers, notifying the TL of important information, and paging other people as directed by the TL.</p>
|
||||||
|
<p>It's important for the TL to focus on the problem at hand, rather than worrying about monitoring timers. The deputy is there to help support the TL and keep them focussed on the incident.</p>
|
||||||
|
<p>As a Sysadmin, you will be expected to take over command from the TL if they request it.</p>
|
||||||
|
<p><strong>You should be performing any remediations, checking graphs, or investigating logs</strong> unless otherwise delegated by the TL.</p>
|
||||||
|
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link">#</a></h2>
|
||||||
|
<p>Before you can be a Sysadmin, it is expected that you meet the following criteria. Don't worry if you don't meet them all yet, you can still continue with training!</p>
|
||||||
|
<ul>
|
||||||
|
<li>Be trained as an <a href="../team_leader/">Team Leader</a>.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="responsibilities">Responsibilities<a class="headerlink" href="#responsibilities" title="Permanent link">#</a></h2>
|
||||||
|
<p>Read up on our <a href="../../before/different_roles/">Different Roles for Incidents</a> to see what is expected from a Sysadmin, as well as what we expect from the other roles you'll be interacting with.</p>
|
||||||
|
<h2 id="training-process">Training Process<a class="headerlink" href="#training-process" title="Permanent link">#</a></h2>
|
||||||
|
<p>The training process for a Sysadmin is quite simple.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Follow our <a href="../team_leader/">Team Leader Training</a>.</li>
|
||||||
|
<li>Read this page.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="incident-call-procedures-and-lingo">Incident Call Procedures and Lingo<a class="headerlink" href="#incident-call-procedures-and-lingo" title="Permanent link">#</a></h2>
|
||||||
|
<p>The <a href="../../during/during_an_incident/">Steps for Sysadmin</a> provide a detailed description of what you should be doing during an incident.</p>
|
||||||
|
<p>Here are some examples of phrases and patterns you should use during incident calls.</p>
|
||||||
|
<h3 id="keep-track-of-responders">Keep Track of Responders<a class="headerlink" href="#keep-track-of-responders" title="Permanent link">#</a></h3>
|
||||||
|
<p>As you listen to the call, you should keep track of the responders to the call as you hear them speak. Make a note on a piece of paper and add them to the Watchers in DoIT. The TL may ask you who is on-call for a particular issue, and you should know the answer, and be able to page them.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Do we have a representative from [X] on the call?</p>
|
||||||
|
<p>(pause)</p>
|
||||||
|
<p>Sysadmin, can you go ahead and page the [X] on-call please.</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>You can page them however you see fit, phone call, etc.</p>
|
||||||
|
<h3 id="provide-executive-status-updates">Provide Executive Status Updates<a class="headerlink" href="#provide-executive-status-updates" title="Permanent link">#</a></h3>
|
||||||
|
<p>Provide regular status updates on Slack (roughly every 30mins), giving an executive summary of the current status during IN-3 incidents. Keep it short and to the point, and use @here. Mention the current state, the actions in progress, customer impact, and expected time remaining. It's OK to miss out some of those if the information isn't known.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>@here: We are in IN-3 due to X. Current actions in progress are to do Y. Expecting 3 mins to complete that action. Once action is complete, system should recover on its own within 5 minutes.</p>
|
||||||
|
</blockquote>
|
||||||
|
<h3 id="alert-tl-to-timers">Alert TL to Timers<a class="headerlink" href="#alert-tl-to-timers" title="Permanent link">#</a></h3>
|
||||||
|
<p>You are expected to keep track of how long the incident has been running for, and provide callouts to the TL every 10 minutes so they can take actions such as increasing the severity, or asking Support to Tweet out. This is as simple as telling the TL on the call,</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>TL, be advised the incident is now at the 10 minute mark.</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>Similarly, when the TL asks for someone to get back to them in X minutes, you are expected to keep track of that. You should remind the TL when that time has been reached.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>TL, be advised the timer for [TEAM]'s investigation is up.</p>
|
||||||
|
</blockquote>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../team_leader/" title="Team Leader">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Team Leader
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../scribe/" title="Scribe">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Scribe
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
833
training/team_leader/index.html
Normal file
@ -0,0 +1,833 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if lt IE 7 ]><html class="no-js ie6"><![endif]-->
|
||||||
|
<!--[if IE 7 ]><html class="no-js ie7"><![endif]-->
|
||||||
|
<!--[if IE 8 ]><html class="no-js ie8"><![endif]-->
|
||||||
|
<!--[if IE 9 ]><html class="no-js ie9"><![endif]-->
|
||||||
|
<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
|
||||||
|
<title>Team Leader - Spearhead Systems Incident Response Documentation</title>
|
||||||
|
|
||||||
|
<!-- Author and License -->
|
||||||
|
<meta name="author" content="Spearhead Systems, Inc." />
|
||||||
|
<meta name="dcterms.license" content="http://www.apache.org/licenses/LICENSE-2.0" />
|
||||||
|
|
||||||
|
<!-- Page Description -->
|
||||||
|
|
||||||
|
<meta name="keywords" content="spearhead, incident, response" />
|
||||||
|
<meta name="robots" content="index, follow, noarchive" />
|
||||||
|
|
||||||
|
<!-- Mobile -->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" />
|
||||||
|
<meta name="theme-color" content="#1f293a" />
|
||||||
|
|
||||||
|
<!-- Canonical Link -->
|
||||||
|
<link rel="canonical" href="https://response.spearhead.systems/training/team_leader/">
|
||||||
|
|
||||||
|
<!-- Favicon -->
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
<link rel="icon" type="image/x-icon" href="../../assets/img/icon.png" />
|
||||||
|
|
||||||
|
<!-- Apple -->
|
||||||
|
<meta name="apple-mobile-web-app-title" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="apple-mobile-web-app-capable" content="yes" />
|
||||||
|
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
|
||||||
|
<link rel="apple-touch-icon" href="../../assets/img/icon.png">
|
||||||
|
|
||||||
|
<!-- Open Graph -->
|
||||||
|
<meta property="og:url" content="https://response.spearhead.systems/training/team_leader/" />
|
||||||
|
<meta property="og:title" content="Team Leader - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:site_name" content="Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta property="og:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta property="og:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
<meta property="og:locale" content="en_US" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
|
||||||
|
<!-- Twitter -->
|
||||||
|
<meta name="twitter:card" content="summary_large_image" />
|
||||||
|
<meta name="twitter:title" content="Team Leader - Spearhead Systems Incident Response Documentation" />
|
||||||
|
<meta name="twitter:description" content="A collection of information about the Spearhead Systems incident response process. Not only how to prepare new employees for on-call responsibilities, but also how to handle major incidents, both in preparation and after-work." />
|
||||||
|
<meta name="twitter:image" content="https://response.spearhead.systems/assets/img/cover.png" />
|
||||||
|
|
||||||
|
<!-- Style -->
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Icon';
|
||||||
|
src: url('../../assets/fonts/icon.eot?52m981');
|
||||||
|
src: url('../../assets/fonts/icon.eot?#iefix52m981')
|
||||||
|
format('embedded-opentype'),
|
||||||
|
url('../../assets/fonts/icon.woff?52m981')
|
||||||
|
format('woff'),
|
||||||
|
url('../../assets/fonts/icon.ttf?52m981')
|
||||||
|
format('truetype'),
|
||||||
|
url('../../assets/fonts/icon.svg?52m981#icon')
|
||||||
|
format('svg');
|
||||||
|
font-weight: normal;
|
||||||
|
font-style: normal;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/application-a422ff04cc.css">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/stylesheets/palettes-05ab2406df.css">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,700|Roboto+Mono">
|
||||||
|
<style>
|
||||||
|
body, input {
|
||||||
|
font-family: 'Roboto', Helvetica, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
pre, code {
|
||||||
|
font-family: 'Roboto Mono', 'Courier New', 'Courier', monospace;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../../assets/css/extra.css">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Scripts -->
|
||||||
|
<script src="../../assets/javascripts/modernizr-4ab42b99fd.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<body class="palette-primary-green palette-accent-blue-grey">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="backdrop">
|
||||||
|
<div class="backdrop-paper"></div>
|
||||||
|
</div>
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-drawer">
|
||||||
|
<input class="toggle" type="checkbox" id="toggle-search">
|
||||||
|
<label class="toggle-button overlay" for="toggle-drawer"></label>
|
||||||
|
<header class="header">
|
||||||
|
<nav aria-label="Header">
|
||||||
|
<div class="bar default">
|
||||||
|
<div class="button button-menu" role="button" aria-label="Menu">
|
||||||
|
<label class="toggle-button icon icon-menu" for="toggle-drawer">
|
||||||
|
<span></span>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="mainlogo">
|
||||||
|
<a href="/" title="Go to homepage.">
|
||||||
|
<img src="../../assets/img/logo.png" title="Spearhead Systems" />
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="title">
|
||||||
|
<span class="path">
|
||||||
|
Incident Response
|
||||||
|
<i class="icon icon-link"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="path">
|
||||||
|
|
||||||
|
|
||||||
|
Training <i class="icon icon-link"></i>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
Team Leader
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-twitter" role="button" aria-label="Twitter">
|
||||||
|
<a href="https://twitter.com/spearhead_sys" title="@spearhead_sys on Twitter" target="_blank" class="toggle-button icon icon-twitter"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="button button-github" role="button" aria-label="GitHub">
|
||||||
|
<a href="https://github.com/spearheadsys" title="@spearheadsys on GitHub" target="_blank" class="toggle-button icon icon-github"></a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="button button-search" role="button" aria-label="Search">
|
||||||
|
<label class="toggle-button icon icon-search" title="Search" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="bar search">
|
||||||
|
<div class="button button-close" role="button" aria-label="Close">
|
||||||
|
<label class="toggle-button icon icon-back" for="toggle-search"></label>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="field">
|
||||||
|
<input class="query" type="text" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-reset" role="button" aria-label="Search">
|
||||||
|
<button class="toggle-button icon icon-close" id="reset-search"></button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main class="main">
|
||||||
|
|
||||||
|
<div class="drawer">
|
||||||
|
<nav aria-label="Navigation">
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs" class="project">
|
||||||
|
<div class="banner">
|
||||||
|
|
||||||
|
<div class="logo">
|
||||||
|
<img src="../../assets/img/icon.png">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="name">
|
||||||
|
<strong>
|
||||||
|
Spearhead Systems Incident Response Documentation
|
||||||
|
<span class="version">
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</strong>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
spearheadsys/issue-response-docs
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<ul class="repo">
|
||||||
|
<li class="repo-download">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/archive/master.zip" target="_blank" title="Download" data-action="download">
|
||||||
|
<i class="icon icon-download"></i> Download
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
<li class="repo-stars">
|
||||||
|
<a href="https://github.com/spearheadsys/issue-response-docs/stargazers" target="_blank" title="Stargazers" data-action="star">
|
||||||
|
<i class="icon icon-star"></i> Stars
|
||||||
|
<span class="count">–</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Home" href="../..">
|
||||||
|
Home
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">On-Call</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Being On-Call" href="../../oncall/being_oncall/">
|
||||||
|
Being On-Call
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Alerting Principles" href="../../oncall/alerting_principles/">
|
||||||
|
Alerting Principles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Before an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Severity Levels" href="../../before/severity_levels/">
|
||||||
|
Severity Levels
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Different Roles" href="../../before/different_roles/">
|
||||||
|
Different Roles
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Call Etiquette" href="../../before/call_etiquette/">
|
||||||
|
Call Etiquette
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">During an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="During An Incident" href="../../during/during_an_incident/">
|
||||||
|
During An Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Security Incident" href="../../during/security_incident_response/">
|
||||||
|
Security Incident
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">After an Incident</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Process" href="../../after/post_mortem_process/">
|
||||||
|
Post-Mortem Process
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Post-Mortem Template" href="../../after/post_mortem_template/">
|
||||||
|
Post-Mortem Template
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<span class="section">Training</span>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Overview" href="../overview/">
|
||||||
|
Overview
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="current" title="Team Leader" href="./">
|
||||||
|
Team Leader
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Purpose" href="#purpose">
|
||||||
|
Purpose
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Prerequisites" href="#prerequisites">
|
||||||
|
Prerequisites
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Responsibilities" href="#responsibilities">
|
||||||
|
Responsibilities
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Qualities" href="#qualities">
|
||||||
|
Qualities
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Training Process" href="#training-process">
|
||||||
|
Training Process
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Graduation" href="#graduation">
|
||||||
|
Graduation
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Handling Incidents" href="#handling-incidents">
|
||||||
|
Handling Incidents
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Sysadmin" href="#sysadmin">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Communication Responsibilities" href="#communication-responsibilities">
|
||||||
|
Communication Responsibilities
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Incident Call Procedures and Lingo" href="#incident-call-procedures-and-lingo">
|
||||||
|
Incident Call Procedures and Lingo
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="anchor">
|
||||||
|
<a title="Examples From Pop Culture" href="#examples-from-pop-culture">
|
||||||
|
Examples From Pop Culture
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Sysadmin" href="../sysadmin/">
|
||||||
|
Sysadmin
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Scribe" href="../scribe/">
|
||||||
|
Scribe
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Subject Matter Expert" href="../subject_matter_expert/">
|
||||||
|
Subject Matter Expert
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="Glossary" href="../glossary/">
|
||||||
|
Glossary
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a class="" title="About" href="../../about/">
|
||||||
|
About
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
</div>
|
||||||
|
<article class="article">
|
||||||
|
<div class="wrapper">
|
||||||
|
|
||||||
|
<h1>Team Leader</h1>
|
||||||
|
|
||||||
|
<p>So you want to be a team leader? You've come to the right place! You don't need to be a senior team member to become a TL, anyone can do it providing you have the requisite knowledge (yes, even an intern)!</p>
|
||||||
|
<p><img alt="Gene Kranz" src="../../assets/img/headers/gene_kranz.jpg" />
|
||||||
|
<em>Credit: <a href="https://en.wikipedia.org/wiki/File:Eugene_F._Kranz_at_his_console_at_the_NASA_Mission_Control_Center.jpg">NASA</a></em></p>
|
||||||
|
<h2 id="purpose">Purpose<a class="headerlink" href="#purpose" title="Permanent link">#</a></h2>
|
||||||
|
<p>If you could boil down the definition of an Team Leader to one sentence, it would be,</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Take whatever actions are necessary to deliver projects and resolve issues for Spearhead Systems and customers.</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>The purpose of the Team Leader is to be the decision maker during an major incident; Delegating tasks and listening to input from subject matter experts in order to bring the incident to resolution.</p>
|
||||||
|
<p>The Team Leader becomes the highest ranking individual on any major incident call, regardless of their day-to-day rank. Their decisions made as commander are final.</p>
|
||||||
|
<p>Your job as an TL is to listen to the call, closely monitor and update DoIT and to watch the incident Slack room in order to provide clear coordination, recruiting others to gather context/details. <strong>You should not be performing any actions or remediations, checking graphs, or investigating logs.</strong> Those tasks should be delegated.</p>
|
||||||
|
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link">#</a></h2>
|
||||||
|
<p>Before you can be an Team Leader, it is expected that you meet the following criteria. Don't worry if you don't meet them all yet, you can still continue with training!</p>
|
||||||
|
<ul>
|
||||||
|
<li>Has <strong>excellent knowledge of the systems we work with</strong> and is able to quickly evaluate good vs bad options, and quickly identify what's actually going on.</li>
|
||||||
|
<li>Been at Spearhead Systems for at least 6 months and has a <strong>solid understanding of the incident notification pipeline, automations and web stack</strong>.</li>
|
||||||
|
<li>Excellent verbal and written <strong>communication skills</strong>.</li>
|
||||||
|
<li>Has <strong>knowledge of obscure Spearhead terms</strong>.</li>
|
||||||
|
<li>Has gravitas and is <strong>willing to kick people off a call</strong> to remove distractions, even if it's the CEO.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="responsibilities">Responsibilities<a class="headerlink" href="#responsibilities" title="Permanent link">#</a></h2>
|
||||||
|
<p>Read up on our <a href="../../before/different_roles/">Different Roles for Incidents</a> to see what is expected from a Team Leader, as well as what we expect from the other roles you'll be interacting with.</p>
|
||||||
|
<h2 id="qualities">Qualities<a class="headerlink" href="#qualities" title="Permanent link">#</a></h2>
|
||||||
|
<p>Some qualities we expect from an effective leader include being able to:</p>
|
||||||
|
<ul>
|
||||||
|
<li>Take command.</li>
|
||||||
|
<li>Motivate responders.</li>
|
||||||
|
<li>Communicate clear directions.</li>
|
||||||
|
<li>Size up the situation and make rapid decisions.</li>
|
||||||
|
<li>Assess the effectiveness of tactics/strategies.</li>
|
||||||
|
<li>Be flexible and modify your plans as necessary.</li>
|
||||||
|
</ul>
|
||||||
|
<p>As a leader, you should try to:</p>
|
||||||
|
<ul>
|
||||||
|
<li>Be proficient in your job.</li>
|
||||||
|
<li>Make sound and timely decisions.</li>
|
||||||
|
<li>Ensure tasks are understood.</li>
|
||||||
|
<li>Be prepared to step out of a tactical role to assume a leadership role.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="training-process">Training Process<a class="headerlink" href="#training-process" title="Permanent link">#</a></h2>
|
||||||
|
<p>The process is fairly loose for now. Here's a list of things you can do to train though,</p>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>Read the rest of this page, particularly the sections below.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Participate in <a href="https://dod.spearhead.systems/">Definition of Done</a> (DoD).</p>
|
||||||
|
<ul>
|
||||||
|
<li>Shadow a DoD to see how it's run.</li>
|
||||||
|
<li>Be the scribe for multiple DoD's.</li>
|
||||||
|
<li>Be the team leader for multiple DoD's.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Play a game of "<a href="http://www.keeptalkinggame.com/">Keep Talking and Nobody Explodes</a>" with other people in the office.</p>
|
||||||
|
<ul>
|
||||||
|
<li>For a more realistic experience, play it with someone in a different office over Hangouts.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Shadow a current team leader for at least a full week shift.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Get alerted when they do, join in on the same calls.</li>
|
||||||
|
<li>Sit in on an active incident call, follow along with the chat, and follow along with what the Team Leader is doing.</li>
|
||||||
|
<li><strong>Do not actively participate in the call, keep your questions until the end.</strong></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Reverse shadow a current team leader for at least a full week shift.</p>
|
||||||
|
<ul>
|
||||||
|
<li>You should be the one to respond to incidents, and you will take point on calls, however the current TL will be there to take over should you not know how to proceed.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="graduation">Graduation<a class="headerlink" href="#graduation" title="Permanent link">#</a></h2>
|
||||||
|
<p>What's the difference between an TL in training, and an TL? (This isn't the set up to a joke). Simple, a TL puts themselves on the schedule.</p>
|
||||||
|
<h2 id="handling-incidents">Handling Incidents<a class="headerlink" href="#handling-incidents" title="Permanent link">#</a></h2>
|
||||||
|
<p>Every incident is different (we're hopefully not repeating the same issue multiple times!), but there's a common process you can apply to each one.</p>
|
||||||
|
<ol>
|
||||||
|
<li>
|
||||||
|
<p><strong>Identify the symptoms.</strong></p>
|
||||||
|
<ul>
|
||||||
|
<li>Identify what the symptoms are, how big the issue is, and whether it's escalating/flapping/static.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p><strong>Size-up the situation.</strong></p>
|
||||||
|
<ul>
|
||||||
|
<li>Gather as much information as you can, as quickly as you can (remember the incident is still happening while you're doing this).</li>
|
||||||
|
<li>Get the facts, the possibilities of what can happen, and the probability of those things happening.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p><strong>Stabilize the incident.</strong></p>
|
||||||
|
<ul>
|
||||||
|
<li>Identify actions you can use to proceed.</li>
|
||||||
|
<li>Gather support for the plan (See "Polling During a Decision" below).</li>
|
||||||
|
<li>Delegate remediation actions to your SME's.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p><strong>Provide regular updates.</strong></p>
|
||||||
|
<ul>
|
||||||
|
<li>Maintain a cadence, and provide regular updates to everyone on the call.</li>
|
||||||
|
<li>What's happening, what are we doing about it, etc.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<h2 id="sysadmin">Sysadmin<a class="headerlink" href="#sysadmin" title="Permanent link">#</a></h2>
|
||||||
|
<p>The sysadmin for an incident is generally the backup Team Leader. However, as a Team Leader, you may appoint one or more Sysadmins. Note that Sysadmins must be as qualified as the Team Leader, and that if a Sysadmin is assigned, he or she must be fully qualified to assume the Team Leaders’s position if required.</p>
|
||||||
|
<h2 id="communication-responsibilities">Communication Responsibilities<a class="headerlink" href="#communication-responsibilities" title="Permanent link">#</a></h2>
|
||||||
|
<p>Sharing information during an incident is a critical process. As a Team Leader (or Sysadmin), you should be prepared to brief others as necessary. You will also be required to communicate your intentions and decisions clearly so that there is no ambiguity in your commands.</p>
|
||||||
|
<p>When given information from a responder, you should clearly acknowledge that you have received and understood their message, so that the responder can be confident in moving on to other tasks.</p>
|
||||||
|
<p>After an incident, you should communicate with other training Team Leader on any debrief actions you feel are necessary.</p>
|
||||||
|
<h2 id="incident-call-procedures-and-lingo">Incident Call Procedures and Lingo<a class="headerlink" href="#incident-call-procedures-and-lingo" title="Permanent link">#</a></h2>
|
||||||
|
<p>The <a href="../../during/during_an_incident/">Steps for Incident Commander</a> provide a detailed description of what you should be doing during an incident.</p>
|
||||||
|
<p>Additionally, aside from following the <a href="../../before/call_etiquette/">usual incident call etiquette</a>, there a few extra etiquette guidelines you should follow as TL:</p>
|
||||||
|
<ul>
|
||||||
|
<li>Always announce when you join the call if you are the on-call TL.</li>
|
||||||
|
<li>Don't let discussions get out of hand. Keep conversations short.</li>
|
||||||
|
<li>Note objections from others, but your call is final.</li>
|
||||||
|
<li>If anyone is being actively disruptive to your call, kick them off.</li>
|
||||||
|
<li>Announce the end of the call.</li>
|
||||||
|
</ul>
|
||||||
|
<p>Here are some examples of phrases and patterns you should use during incident calls.</p>
|
||||||
|
<h3 id="start-of-call-announcement">Start of Call Announcement<a class="headerlink" href="#start-of-call-announcement" title="Permanent link">#</a></h3>
|
||||||
|
<p>At the start of any major incident call, the incident commander should announce the following,</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>This is [NAME], I am the Team Leader for this call.</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>This establishes to everyone on the call what your name is, and that you are now the commander. You should state "Team Leader" and not "TL", as newcomers may not be familiar with the terminology yet. The word "leader" makes it very clear that you're in charge.</p>
|
||||||
|
<h3 id="start-of-incident-tl-not-present">Start of Incident, TL Not Present<a class="headerlink" href="#start-of-incident-tl-not-present" title="Permanent link">#</a></h3>
|
||||||
|
<p>If you are trained to be an TL and have joined a call, even if you aren't the TL on-call, you should do the following,</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Is there a TL on the call?</p>
|
||||||
|
<p>(pause)</p>
|
||||||
|
<p>Hearing no response, this is [NAME], and I am now the Team Leader for this call.</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>If the on-call TL joins later, you may hand over to them at your discretion (see below for the hand-off procedure)</p>
|
||||||
|
<h3 id="checking-if-smes-are-present">Checking if SME's are Present<a class="headerlink" href="#checking-if-smes-are-present" title="Permanent link">#</a></h3>
|
||||||
|
<p>During a call, you will want to know who is available from the various teams in order to resolve the incident. Etiquette dictates that people should announce themselves, but sometimes you may be joining late to the call. If you need a representative from a team, just ask on the call. Your deputy can page one if no one answers.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Do we have a representative from [X] on the call?</p>
|
||||||
|
<p>(pause)</p>
|
||||||
|
<p>Deputy, can you go ahead and page the [X] on-call please.</p>
|
||||||
|
</blockquote>
|
||||||
|
<h3 id="assigning-tasks">Assigning Tasks<a class="headerlink" href="#assigning-tasks" title="Permanent link">#</a></h3>
|
||||||
|
<p>When you need to give out an assignment or task, give it to a person directly, never say "can someone do..." as this leads to the <a href="https://en.wikipedia.org/wiki/Bystander_effect">bystander effect</a>. Instead, all actions should be assigned to a specific person, and time-boxed with a specific number of minutes.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>TL: Bob, please investigate the high latency on web app boxes. I'll come back to you for an answer in 3 minutes.</p>
|
||||||
|
<p>Bob: Understood</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>Keep track of how many minutes you assigned, and check in with that person after that time. You can get help from your deputy to help track the timings.</p>
|
||||||
|
<h3 id="polling-during-a-decision">Polling During a Decision<a class="headerlink" href="#polling-during-a-decision" title="Permanent link">#</a></h3>
|
||||||
|
<p>If a decision needs to be made, it comes down to the TL. Once the TL makes a decision, it is final. But it's important that no one can come later and object to the plan, saying things like "I knew that would happen". A TL will use very specific language to be sure that doesn't happen.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>The proposal is to [EXPLAIN PROPOSAL]</p>
|
||||||
|
<p>Are there any strong objections to this plan?</p>
|
||||||
|
<p>(pause)</p>
|
||||||
|
<p>Hearing no objects, we are proceeding with this proposal.</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>If you were to ask "Does everyone agree?", you'd get people speaking over each other, you'd have quiet people not speaking up, etc. Asking for any STRONG objections gives people the chance to object, but only if they feel strongly on the matter.</p>
|
||||||
|
<h3 id="status-updates">Status Updates<a class="headerlink" href="#status-updates" title="Permanent link">#</a></h3>
|
||||||
|
<p>It's important to maintain a cadence during a major incident call. Whenever there is a lull in the proceedings, usually because you're waiting for someone to get back to you, you can fill the gap by explaining the current situation and the actions that are outstanding. This makes sure everyone is on the same page.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>While we wait for [X], here's an update of our current situation.</p>
|
||||||
|
<p>We are currently in a IN-3 situation, we believe to be caused by [X]. There's an open question to [Y] who will be getting back to us in 2 minutes. In the meantime, we have Tweeted out that we are experiencing issues. Our next Tweet will be in 10 minutes if the incident is still ongoing at that time.</p>
|
||||||
|
<p>Are there any additional actions or proposals from anyone else at this time?</p>
|
||||||
|
</blockquote>
|
||||||
|
<h3 id="transfer-of-command">Transfer of Command<a class="headerlink" href="#transfer-of-command" title="Permanent link">#</a></h3>
|
||||||
|
<p>Transfer of command, involves (as the name suggests) transferring command to another Team Leader or even a Sysadmin. There are multiple reasons why a transfer of command might take place,</p>
|
||||||
|
<ul>
|
||||||
|
<li>TL has become fatigued and is unable to continue.</li>
|
||||||
|
<li>Incident complexity changes.</li>
|
||||||
|
<li>Change of command is necessary for effectiveness or efficiency.</li>
|
||||||
|
<li>Personal emergencies arise (e.g., TL has a family emergency).</li>
|
||||||
|
</ul>
|
||||||
|
<p>Never feel like you are not doing your job properly by handing over. Handovers are encouraged. In order to handover, out of band from the main call (via Slack for example), notify the other TL that you wish to transfer command. Update them with anything you feel appropriate. Then announce on the call,</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Everyone on the call, be advised, at this time I am handing over command to [X].</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>The new TL should then announce on the call as if they were joining a new call (see above), so that everyone is aware of the new commander.</p>
|
||||||
|
<p>Note that the arrival of a more qualified person does NOT necessarily mean a change in incident command.</p>
|
||||||
|
<h3 id="maintaining-order">Maintaining Order<a class="headerlink" href="#maintaining-order" title="Permanent link">#</a></h3>
|
||||||
|
<p>Often times on a call people will be talking over one another, or an argument on the correct way to proceed may break out. As Team Leader it's important that order is maintained on a call. The ITeam Leader has the power to remove someone from the call if necessary (even if it's the CEO). But often times you just need to remind people to speak one at a time. Sometimes the discussion can be healthy even if it starts as an argument, but you shouldn't let it go on for too long.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>(noise)</p>
|
||||||
|
<p>Ok everyone, can we all speak one at a time please. So far I'm hearing two options to proceed: 1) [X], 2) [Y].</p>
|
||||||
|
<p>Are there any other proposals someone would like to make at this time?</p>
|
||||||
|
<p>...etc</p>
|
||||||
|
</blockquote>
|
||||||
|
<h3 id="getting-straight-answers">Getting Straight Answers<a class="headerlink" href="#getting-straight-answers" title="Permanent link">#</a></h3>
|
||||||
|
<p>You may ask a question as TL and receive an answer that doesn't actually answer your question. This is generally when you ask for a yes/no answer but get a more detailed explanation. This can often times be because the person doesn't understand the call etiquette. But if it continues, you need to take action in order to proceed.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>TL: Is this going to disable the service for everyone?</p>
|
||||||
|
<p>SME: Well... for some people it....</p>
|
||||||
|
<p>TL: Stop. I need a yes/no answer. Is this going to disable the service for everyone?</p>
|
||||||
|
<p>SME: Well... it might not do...</p>
|
||||||
|
<p>TL: Stop. I'm going to ask again, and the only two words I want to hear from you are "yes" or "no. If this going to disable the service for everyone?</p>
|
||||||
|
<p>SME: Well.. like I was saying..</p>
|
||||||
|
<p>TL: Stop. Leave the call. Backup TL can you please page the backup on-call for [service] so that we can get an answer.</p>
|
||||||
|
</blockquote>
|
||||||
|
<h3 id="executive-swoop">Executive Swoop<a class="headerlink" href="#executive-swoop" title="Permanent link">#</a></h3>
|
||||||
|
<p>You may get someone who would be senior to you during peacetime come on the call and start overriding your decisions as TL. This is unacceptable behaviour during wartime, as the TL is in command. While this is rare, you can get things back on track with the following,</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Executive: No, I don't want us doing that. Everyone stop. We need to rollback instead.</p>
|
||||||
|
<p>TL: Hold please. [EXECUTIVE], do you wish to take over command?</p>
|
||||||
|
<p>Executive: Yes/No</p>
|
||||||
|
<p>(If yes) TL: Understood. Everyone on the call, be advised, at this time I am handling over command to [EXECUTIVE]. They are now the team leader for this call.</p>
|
||||||
|
<p>(If no) TL: In that case, please cause no further interruptions or I will remove you from the call.</p>
|
||||||
|
</blockquote>
|
||||||
|
<p>This makes it clear to the executive that they have the option of being in charge and making decisions, but in order to do so they must continue as an Team Leader. If they refuse, then remind them that you are in charge and disruptive interruptions will not be tolerated. If they continue, remove them from the call.</p>
|
||||||
|
<h3 id="end-of-call-sign-off">End of Call Sign-Off<a class="headerlink" href="#end-of-call-sign-off" title="Permanent link">#</a></h3>
|
||||||
|
<p>At the end of an incident, you should announce to everyone on the call that you are ending the call at this time, and provide information on where followup discussion can take place. It's also customary to thank everyone.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Ok everyone, we're ending the call at this time. Please continue any followup discussion in DoIT and on Slack. Thanks everyone.</p>
|
||||||
|
</blockquote>
|
||||||
|
<h2 id="examples-from-pop-culture">Examples From Pop Culture<a class="headerlink" href="#examples-from-pop-culture" title="Permanent link">#</a></h2>
|
||||||
|
<p>Spearhead Systems employees have access to almost all previous incident calls, and can listen/read them at their discretion. Here are some short examples from popular culture to show the techniques at work.</p>
|
||||||
|
<hr />
|
||||||
|
<iframe width="560" height="315" src="https://www.youtube.com/embed/gmLgi5mdTVo" frameborder="0" allowfullscreen></iframe>
|
||||||
|
|
||||||
|
<p>Here's a clip from the movie Apollo 13, where Gene Kranz (Flight Director / Incident Commander) shows some great examples of Incident Command. Here are some things to note:</p>
|
||||||
|
<ul>
|
||||||
|
<li>Walks into the room, and immediately obvious that he's the TL. Calms the noise, and makes sure everyone is paying attention.</li>
|
||||||
|
<li>Provides a status update so people are aware of the situation.</li>
|
||||||
|
<li>Projector breaks, doesn't get sidetracked on fixing it, just moves on to something else.</li>
|
||||||
|
<li>Provides a proposal for how to proceed and elicits feedback.<ul>
|
||||||
|
<li>Listens to the feedback calmly.</li>
|
||||||
|
<li>When counter-proposal is raised, states that he agrees and why.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Allows a discussion to happen, listens to all points. When discussion gets out of hand, re-asserts command of the situation.<ul>
|
||||||
|
<li>Explains his decision, and why.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Explains his full plan and decision, so everyone is on the same page.</li>
|
||||||
|
</ul>
|
||||||
|
<hr />
|
||||||
|
<iframe width="560" height="315" src="https://www.youtube.com/embed/KhoXFVQsIxw" frameborder="0" allowfullscreen></iframe>
|
||||||
|
|
||||||
|
<p>Another clip from Apollo 13. Things to note:</p>
|
||||||
|
<ul>
|
||||||
|
<li>Summarizes the situation, and states the facts.</li>
|
||||||
|
<li>Listens to the feedback from various people.</li>
|
||||||
|
<li>When a trusted SME provides information counter to what everyone else is saying, asks for additional clarification ("What do you mean, everything?")</li>
|
||||||
|
<li>Wise cracking remarks are not acknowledged by the TL ("You can't run a vacuum cleaner on 12 amps!")</li>
|
||||||
|
<li>"That's the deal?".. "That's the deal".</li>
|
||||||
|
<li>Once decision is made, moves on to the next discussion.</li>
|
||||||
|
<li>Delegates tasks.</li>
|
||||||
|
</ul>
|
||||||
|
<aside class="copyright" role="note">
|
||||||
|
|
||||||
|
Copyright © Spearhead Systems, Inc. –
|
||||||
|
|
||||||
|
Documentation built with
|
||||||
|
<a href="http://www.mkdocs.org" target="_blank">MkDocs</a>
|
||||||
|
using the
|
||||||
|
<a href="http://squidfunk.github.io/mkdocs-material/" target="_blank">
|
||||||
|
Material
|
||||||
|
</a>
|
||||||
|
theme.
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
<footer class="footer">
|
||||||
|
|
||||||
|
<nav class="pagination" aria-label="Footer">
|
||||||
|
<div class="previous">
|
||||||
|
|
||||||
|
<a href="../overview/" title="Overview">
|
||||||
|
<span class="direction">
|
||||||
|
Previous
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="button button-previous" role="button" aria-label="Previous">
|
||||||
|
<i class="icon icon-back"></i>
|
||||||
|
</div>
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Overview
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="next">
|
||||||
|
|
||||||
|
<a href="../sysadmin/" title="Sysadmin">
|
||||||
|
<span class="direction">
|
||||||
|
Next
|
||||||
|
</span>
|
||||||
|
<div class="page">
|
||||||
|
<div class="stretch">
|
||||||
|
<div class="title">
|
||||||
|
Sysadmin
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="button button-next" role="button" aria-label="Next">
|
||||||
|
<i class="icon icon-forward"></i>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
<div class="results" role="status" aria-live="polite">
|
||||||
|
<div class="scrollable">
|
||||||
|
<div class="wrapper">
|
||||||
|
<div class="meta"></div>
|
||||||
|
<div class="list"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
<script>
|
||||||
|
var base_url = '../..';
|
||||||
|
var repo_id = 'spearheadsys/issue-response-docs';
|
||||||
|
</script>
|
||||||
|
<script src="../../assets/javascripts/application-997097ee0c.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|