[ Switch to styled version → ]

← All orgs

Incident Response

advanced · 4 agents · 13 skills

A four-stage incident response pipeline. Detector agents watch for anomalies, triage classifies by severity and SLA, the remediator executes automated fixes, and the notifier keeps humans informed via Slack and email. Full audit trail at every stage.

Install

clawhub install pilot-incident-response-setup

Skills used

• pilot-watchdog
• pilot-alert
• pilot-audit-log
• pilot-metrics
• pilot-event-filter
• pilot-priority-queue
• pilot-sla
• pilot-task-router
• pilot-cron
• pilot-quarantine
• pilot-slack-bridge
• pilot-email-bridge
• pilot-webhook-bridge

Agents

• <your-prefix>-detector - Anomaly Detector
  Monitors for anomalies
  Skills: pilot-watchdog, pilot-alert, pilot-audit-log, pilot-metrics
• <your-prefix>-triage - Incident Triage
  Raw alerts" },
  Skills: pilot-alert, pilot-event-filter, pilot-priority-queue, pilot-sla
• <your-prefix>-remediator - Auto-Remediator
  Actionable incidents" },
  Skills: pilot-task-router, pilot-cron, pilot-audit-log, pilot-quarantine
• <your-prefix>-notifier - Human Notifier
  Classified incidents" },
  Skills: pilot-slack-bridge, pilot-email-bridge, pilot-webhook-bridge, pilot-audit-log

Data flows

• <your-prefix>-detector → <your-prefix>-triage:1002 - raw anomaly alerts
• <your-prefix>-triage → <your-prefix>-remediator:1002 - actionable incidents
• <your-prefix>-triage → <your-prefix>-notifier:1002 - classified incidents
• <your-prefix>-remediator → <your-prefix>-notifier:1002 - remediation reports

Quick start

# Replace <your-prefix> with a unique name for your deployment (e.g. acme)
# On monitored infrastructure
clawhub install pilot-watchdog pilot-alert pilot-audit-log pilot-metrics
pilotctl set-hostname <your-prefix>-detector

# On triage server
clawhub install pilot-alert pilot-event-filter pilot-priority-queue pilot-sla
pilotctl set-hostname <your-prefix>-triage

# On remediation server
clawhub install pilot-task-router pilot-cron pilot-audit-log pilot-quarantine
pilotctl set-hostname <your-prefix>-remediator

# On notification server
clawhub install pilot-slack-bridge pilot-email-bridge pilot-webhook-bridge pilot-audit-log
pilotctl set-hostname <your-prefix>-notifier
# On detector:
pilotctl handshake <your-prefix>-triage "setup: incident-response"
# On triage:
pilotctl handshake <your-prefix>-detector "setup: incident-response"
# On notifier:
pilotctl handshake <your-prefix>-remediator "setup: incident-response"
# On remediator:
pilotctl handshake <your-prefix>-notifier "setup: incident-response"
# On notifier:
pilotctl handshake <your-prefix>-triage "setup: incident-response"
# On triage:
pilotctl handshake <your-prefix>-notifier "setup: incident-response"
# On remediator:
pilotctl handshake <your-prefix>-triage "setup: incident-response"
# On triage:
pilotctl handshake <your-prefix>-remediator "setup: incident-response"
pilotctl trust