Incident Response

When something goes wrong, follow these UI‑driven steps to contain and resolve the issue.

1. Triage

   • Use the Dashboard to check recent system status and alerts.
   • Open the Incident form (top-right bell icon) and record a brief summary.
   • Assign an incident owner by selecting a user from the dropdown.

2. Containment

   • If credentials are involved, go to Admin → Users, select affected accounts, and click Revoke sessions or Reset password.
   • For compromised API keys, open Admin → API Keys, revoke the key, and generate a new one.

3. Investigation

   • Head to Admin → Audit Logs and filter by the suspected time window and users.
   • Review the logs panel and export if needed.
   • Check Admin → Metrics for spikes or errors.

4. Remediation

   • Use the built-in Deploy button on the dashboard to roll out a hotfix (if your deployment pipeline is configured).
   • After deployment, rerun any failing smoke tests from Admin → Health Checks.

5. Postmortem

   • Add notes to the incident record and tag stakeholders.
   • Export relevant audit logs and attach to the incident.
   • Close the incident when complete.

Contacts

• On‑call: view schedule via the bell icon.
• Support: send a message via the chat widget or email ops@your-org.example.