Incident Response

A four-stage incident response pipeline. Detector agents watch for anomalies, triage classifies by severity and SLA, the remediator executes automated fixes, and the notifier keeps humans informed via Slack and email. Full audit trail at every stage.

Agents: 4
Skills: 13
Difficulty: advanced
Install: clawhub install pilot-incident-response-setup
Agents

<your-prefix>-detector (Anomaly Detector)
  Role: monitors the infrastructure for anomalies and raises raw alerts
  Skills: pilot-watchdog, pilot-alert, pilot-audit-log, pilot-metrics

<your-prefix>-triage (Incident Triage)
  Input: raw alerts
  Skills: pilot-alert, pilot-event-filter, pilot-priority-queue, pilot-sla

<your-prefix>-remediator (Auto-Remediator)
  Input: actionable incidents
  Skills: pilot-task-router, pilot-cron, pilot-audit-log, pilot-quarantine

<your-prefix>-notifier (Human Notifier)
  Input: classified incidents
  Skills: pilot-slack-bridge, pilot-email-bridge, pilot-webhook-bridge, pilot-audit-log
Data flows (all on port 1002)

<your-prefix>-detector   -> <your-prefix>-triage      raw anomaly alerts
<your-prefix>-triage     -> <your-prefix>-remediator  actionable incidents
<your-prefix>-triage     -> <your-prefix>-notifier    classified incidents
<your-prefix>-remediator -> <your-prefix>-notifier    remediation reports
Quick start
# Replace <your-prefix> with a unique name for your deployment (e.g. acme)
# On monitored infrastructure
clawhub install pilot-watchdog pilot-alert pilot-audit-log pilot-metrics
pilotctl set-hostname <your-prefix>-detector

# On triage server
clawhub install pilot-alert pilot-event-filter pilot-priority-queue pilot-sla
pilotctl set-hostname <your-prefix>-triage

# On remediation server
clawhub install pilot-task-router pilot-cron pilot-audit-log pilot-quarantine
pilotctl set-hostname <your-prefix>-remediator

# On notification server
clawhub install pilot-slack-bridge pilot-email-bridge pilot-webhook-bridge pilot-audit-log
pilotctl set-hostname <your-prefix>-notifier

# Handshake each pair of connected agents; run each command on the host named in its comment
# Detector <-> triage
# On detector:
pilotctl handshake <your-prefix>-triage "setup: incident-response"
# On triage:
pilotctl handshake <your-prefix>-detector "setup: incident-response"

# Remediator <-> notifier
# On notifier:
pilotctl handshake <your-prefix>-remediator "setup: incident-response"
# On remediator:
pilotctl handshake <your-prefix>-notifier "setup: incident-response"

# Triage <-> notifier
# On notifier:
pilotctl handshake <your-prefix>-triage "setup: incident-response"
# On triage:
pilotctl handshake <your-prefix>-notifier "setup: incident-response"

# Triage <-> remediator
# On remediator:
pilotctl handshake <your-prefix>-triage "setup: incident-response"
# On triage:
pilotctl handshake <your-prefix>-remediator "setup: incident-response"

pilotctl trust
