
Incident Response Workflow

Security/operational incident response with detection, containment, investigation, and post-mortem

Complexity: Complex | Duration: 30m+ | Category: Professional/Hr

Tags: #incident-response #security #post-mortem #investigation #communication

Workflow Diagram

Steps

Step 1: Detect incident

Agent: security-analyst - Identify security breach, outage, data loss, etc.

Step 2: Assess severity

Agent: incident-commander - Categorize as P0/P1/P2 based on impact

Step 3: Assemble response team

Agent: incident-commander - Page on-call engineers, security, legal, comms

Step 4: Contain incident

Agent: security-analyst - Isolate affected systems, stop the bleeding

Step 5: Investigate root cause

Agent: forensics-specialist - Analyze logs, determine how incident occurred

Step 6: Communicate

Agent: communications-specialist - Notify customers, regulators, employees as required

Step 7: Remediate

Agent: incident-commander - Fix root cause, restore service

Step 8: Post-mortem

Agent: post-mortem-facilitator - Document timeline, root cause, action items

Step 9: Implement improvements

Agent: incident-commander - Apply learnings to prevent recurrence

Usage

To execute this workflow:

/workflow professional/hr/incident-response-workflow.workflow

See other workflows in this category for related automation patterns.