- Home
- Skills
- Nik Kale
- Sre Skills
- Incident Response
incident-response_skill
0
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill nik-kale/sre-skills --skill incident-response- SKILL.md6.4 KB
Overview
This skill guides a structured, repeatable approach to investigating and production incidents, from initial triage to post-incident review. It focuses on fast impact reduction, clear data collection, and a blameless root cause analysis to prevent recurrence. Use it to coordinate responders, gather evidence, and drive timely mitigations during outages or degradations.
How this skill works
Start with a rapid triage checklist to confirm the incident, identify affected services, and set severity. Collect key telemetry (metrics, logs, traces), construct a timeline, and correlate recent changes. Apply quick mitigation options to stop the bleeding, then perform a root cause analysis only after stability is restored. Complete resolution, handoff, and a blameless post-incident review with concrete action items.
When to use it
- Alerts firing or monitoring thresholds breached in production
- User-reported outages, errors, or service degradation
- On-call escalation or paged incidents
- Spike in error rates, latency, or resource exhaustion
- After a deployment or config change that coincides with failures
Best practices
- Confirm incidents quickly and avoid chasing false positives
- Prioritize mitigation (restore service) before deep debugging
- Collect and preserve evidence: dashboards, logs, traces, commands
- Use severity levels to drive communication cadence and staffing
- Keep updates concise and regular for stakeholders during high-severity incidents
Example use cases
- SEV1: Total service outage after a production deployment — use rollback or feature-flag disable and run a post-incident review
- SEV2: Significant latency and 5xx spike in a critical API — gather traces, scale or restart pods, and monitor recovery
- SEV3: Partial degradation affecting a region — failover, verify dependency health, and schedule follow-up remediation
- Investigating recurring errors tied to a recent config change — build a timeline and correlate change audits
- On-call handoff mid-incident — use the handoff template to summarize status, actions, and next steps
FAQ
Schedule a blameless review for SEV1/SEV2 incidents within 48–72 hours after resolution; SEV3 reviews can be scheduled as needed.
What telemetry should I check first?
Begin with error rates (5xx/exceptions), then latency (p95/p99), traffic, resource utilization, and dependency health.