29 lines
1.7 KiB
Markdown
29 lines
1.7 KiB
Markdown
# Incident Response CLI
|
|
|
|
## Module
|
|
Cli
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
CLI commands for incident response lifecycle management. Users can start incident mode with severity/scope/description (auto-creates evidence holds and sends notifications), view incident status with timeline, end incidents with resolution notes and optional evidence hold release/report generation, and list all incidents filtered by status.
|
|
|
|
## Implementation Details
|
|
- **Command Group**: `src/Cli/StellaOps.Cli/Commands/IncidentCommandGroup.cs` -- `IncidentCommandGroup` for `stella incident` commands
|
|
- **IR Commands**: `src/Cli/StellaOps.Cli/Commands/Ir/IrCommandGroup.cs` -- incident response operations
|
|
- **Commands**:
|
|
- `stella incident start --severity <level> --scope <scope> --description <text>` -- start incident mode (auto-creates evidence holds, sends notifications)
|
|
- `stella incident status <incident-id>` -- view incident status with timeline
|
|
- `stella incident end <incident-id> --resolution <text>` -- end incident. Options: `--release-holds`, `--generate-report`
|
|
- `stella incident list` -- list incidents. Options: `--status open|closed|all`
|
|
|
|
## E2E Test Plan
|
|
- [ ] Run `stella incident start --severity critical --scope "production" --description "CVE-2024-1234 exploited"` and verify incident created
|
|
- [ ] Verify evidence holds auto-created on incident start
|
|
- [ ] Verify notifications sent on incident start
|
|
- [ ] Run `stella incident status <id>` and verify timeline displayed
|
|
- [ ] Run `stella incident end <id> --resolution "Patched" --release-holds --generate-report` and verify incident closed
|
|
- [ ] Run `stella incident list --status open` and verify open incidents listed
|
|
- [ ] Verify `--format json` output
|