- Home
- Skills
- Williamzujkowski
- Cognitive Toolworks
- Resilience Incident Generator
resilience-incident-generator_skill
- Python
5
GitHub Stars
3
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill williamzujkowski/cognitive-toolworks --skill resilience-incident-generator- CHANGELOG.md1.6 KB
- index-entry.json746 B
- SKILL.md13.8 KB
Overview
This skill generates incident response playbooks and runbooks aligned to NIST SP 800-61 Rev 2, with built-in escalation matrices and compliance mappings. It produces T1 templates for fast, general-purpose playbooks and T2 detailed, service-specific runbooks including communication plans and forensic preservation steps. Outputs include playbook documents, escalation CSV/JSON, and post-mortem templates.
How this skill works
Given validated inputs (incident_type, severity_level, tier, optional service_context and compliance_requirements), the skill classifies the incident, maps it to the NIST incident handling lifecycle, and emits the requested deliverables. T1 returns a compact template with six NIST phases and an escalation matrix. T2 consumes service context to generate detailed remediation steps, rollback procedures, monitoring queries, and compliance-specific actions. All playbooks follow deterministic rules and include time-bounded escalation thresholds.
When to use it
- A security incident is detected (malware, ransomware, data breach).
- Production outage or service degradation impacting customers.
- Disaster recovery events like data center or regional failures.
- Formalizing runbooks after a post-incident review.
- Meeting compliance documentation requirements (SOC2, HIPAA, PCI-DSS, FedRAMP).
Best practices
- Validate inputs: incident_type and severity_level must match allowed values before generation.
- Choose T1 for fast templates, T2 when you can supply service_context and compliance constraints.
- Always review forensic preservation steps for security incidents and consult legal for disclosure decisions.
- Integrate generated escalation matrix with your paging provider (PagerDuty, Opsgenie) and test contact thresholds.
- Keep artifacts free of credentials and PII; treat compliance mappings as operational, not legal, guidance.
Example use cases
- Generate a P0 data-breach playbook with HIPAA breach-notification steps and a post-mortem template.
- Produce a T2 runbook for a web service with dependency startup order, health checks, and rollback steps.
- Create an outage playbook with MTTR-focused containment and Prometheus/Datadog query examples.
- Produce an escalation matrix CSV to import into an on-call system and a communication cadence for executives and customers.
FAQ
Playbooks align to NIST SP 800-61 Rev 2 and map to applicable controls in NIST SP 800-53; compliance mappings reference HIPAA, PCI-DSS, SOC2, and FedRAMP as operational guidance.
When should I use T2 instead of T1?
Use T2 when you can provide service_context (architecture, dependencies) or need compliance-integrated, service-specific remediation and communication plans.