/incident-response

Invokes incident response playbook for managing security or operational incidents. Uses shortcut 'sir' for quick access.

Orchestrates incident response for specified <incident> using SRE best practices, supporting optional [phase] like triage or postmortem.

Guides interactive incident response workflow: triage severity, mitigate issues, perform root cause analysis with 5 Whys, resolve, and generate post-mortem documentation. Also supports SEV1 and post-mortem modes.

Investigates a Huntress incident by ID: retrieves details, affected hosts, timeline, remediations, and recommends approval or rejection with next steps.

Provides DORA guidance on classifying and reporting major ICT incidents by severity (major, non-major, cyber-threat) and stage (initial, intermediate, final, update).

Orchestrates phased multi-agent response to production incidents: assesses severity, troubleshoots, debugs root cause, implements fixes, deploys, stabilizes, and prevents recurrence.