Add docs for incident response app (EE, Closed Alpha) #3047
Conversation
|
@jasonblais Added examples here: #3094 The examples won't work until a bug fix is applied: https://github.com/mattermost/mattermost-plugin-workflow/pull/41 |
There was a problem hiding this comment.
This is ready for review. Please see attached comments for FYIs or questions.
@crspeller (dev review) @amyblais (editor review) @wiersgallak (PM review) -- cc @justinegeffen if time to review
| @@ -0,0 +1,667 @@ | |||
| Incident Response Application (EE, Closed Alpha) | |||
There was a problem hiding this comment.
I'm open to feedback on the length of this page and whether we'd want to break into separate smaller pages.
As a note, 80% of this is configuration, as I wanted to make it all-inclusive for the JSON configuration with all info available in one place. The configuration will be much simpler once it’s moved to the UI.
|
|
||
| Below is an example of the incident response app automatically creating a channel from a Nagios alert, adding users to the channel and providing them quick actions to take on the incident. | ||
|
|
||
| .. image:: ../images/incident-response-app-intro-image.png |
There was a problem hiding this comment.
FYI - Username and pic may change, using what we have at the moment
| .. image:: ../images/incident-response-app-intro-image.png | ||
| :alt: Incident Response App: Intro Image | ||
|
|
||
| .. image:: ../images/incident-response-app-intro-image-fullpage.png |
There was a problem hiding this comment.
@amyblais Question: Do images typically have a border? If yes, how is it added (is it locally via image editing program)?
There was a problem hiding this comment.
This should be a question for UX. @asaadmahmood
|
|
||
| In this example, ``{{.Action.CreateWarroom.ChannelName}}`` pulls the channel name used in an ``CreateWarroom`` action, which is the example of the ``create_channel`` action above, and posts a message to that channel. | ||
|
|
||
| **Fields and Transitions** |
There was a problem hiding this comment.
Open for feedback on how to describe these two parameters.
Co-Authored-By: Amy Blais <amy_blais@hotmail.com>
Co-Authored-By: Amy Blais <amy_blais@hotmail.com>
Co-Authored-By: Amy Blais <amy_blais@hotmail.com>
Co-Authored-By: Amy Blais <amy_blais@hotmail.com>
Co-Authored-By: Amy Blais <amy_blais@hotmail.com>
Co-Authored-By: Amy Blais <amy_blais@hotmail.com>
Co-Authored-By: Amy Blais <amy_blais@hotmail.com>
Co-Authored-By: Amy Blais <amy_blais@hotmail.com>
Co-Authored-By: Amy Blais <amy_blais@hotmail.com>
|
@amyblais all editor feedback addressed. I see a merge conflict (not sure why), I'll resolve that once PM/UX feedback shared |
|
|
||
| The incident response application is available in closed Alpha and is supported in Mattermost 5.12 and later. | ||
|
|
||
| Use the incident response application to connect all your workflows, automate repetitive tasks and collaborate on incidents within one secure messaging platform. Sample use cases you can accomplish with this app include the following: |
There was a problem hiding this comment.
The sentence "Sample use cases you can accomplish with this app include the following" this reads tricky for me. Recommend "This app will allow you to accomplish the following sample use cases:"
| Use the incident response application to connect all your workflows, automate repetitive tasks and collaborate on incidents within one secure messaging platform. Sample use cases you can accomplish with this app include the following: | ||
|
|
||
| 1. Trigger automated incident response workflows based on keywords. | ||
| 2. Automatically mention your InfoSec or DevSecOps teams when an incident occurs, including via email, mobile push and desktop notifications. |
There was a problem hiding this comment.
Recommend simplifying this:
"Automatically mention your InfoSec or DevSecOps teams when an incident occurs and notify them via email, mobile push or desktop."
Also wondering if 2 should come after 3 - understand its a use case, but it also reads a little bit as the process.
| 1. Trigger automated incident response workflows based on keywords. | ||
| 2. Automatically mention your InfoSec or DevSecOps teams when an incident occurs, including via email, mobile push and desktop notifications. | ||
| 3. Auto-create "war rooms" and invite key team members to immediately collaborate on a critical incident. | ||
| 4. Take quick actions, review data and access relevant links all in one place. |
There was a problem hiding this comment.
Wondering if we should outline what "quick actions" mean. ie: Take quick actions like triaging or assign tasks, review data, and access relevant links all in one place.
| 2. Automatically mention your InfoSec or DevSecOps teams when an incident occurs, including via email, mobile push and desktop notifications. | ||
| 3. Auto-create "war rooms" and invite key team members to immediately collaborate on a critical incident. | ||
| 4. Take quick actions, review data and access relevant links all in one place. | ||
| 5. Archive resolved incidents to declutter your channel sidebar without losing access to past information. |
There was a problem hiding this comment.
Recommend highlighting benefit more here first 0/5 "Archive resolved incidents to keep a record of the resolution and keep channel sidebar decluttered. "
| How Can I Try The App? | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| 1. `Sign up for the closed Alpha program <https://docs.google.com/forms/d/e/1FAIpQLSf4Rr1YnofQQnKHJuL0Cgz_DaCUitt_Atik7K9KXsDefCyXlg/viewform>`_. If you're selected to join the Alpha program, you will receive an email from us with a plugin binary. |
There was a problem hiding this comment.
Maybe add an expectation of what is expected of customers who join the Alpha program is. Like working closely with the PM team to refine design, functionality, and rigorous testing of the feature.
| ] | ||
|
|
||
| .. tip:: | ||
| If the ``create_channel`` action attempts to create a channel that already exists, the workflow fails to continue as it's unable to create that said channel. |
There was a problem hiding this comment.
Recommend being more direct in this sentence "...the workflow fails as it is unable to create a channel duplicate of one that already exists."
| .. tip:: | ||
| If the ``create_channel`` action attempts to create a channel that already exists, the workflow fails to continue as it's unable to create that said channel. | ||
|
|
||
| Therefore, it is highly recommended that you use instance template variables to define ``channel_name`` and ``channel_displayname`` parameters to avoid non-unique channel names. For instance, if you define the channel name to be ``system-incident-{{.Instance.Number}}`` such as in the app workflow JSON example above, channels are created with names ``system-incident-1``, ``system-incident-2``, and so forth, avoiding duplicate names. |
There was a problem hiding this comment.
Recommending additional simplification of this content (hoping I didnt lose too much meaning in my changes):
It is highly recommended that you use instance template variables to define channel_name and channel_displayname. For instance, defining the channel name in your workflow assystem-incident-{{.Instance.Number}} will create channels with names system-incident-1, system-incident-2each time the workflow runs, thereby ensuring unique names and preventing duplicate names.
|
|
||
| The following are some of the use cases we plan to support in a future Beta or stable release: | ||
|
|
||
| 1. Pulling remote data to, for instance, look up responders who are on duty from an external system or from AD/LDAP, and notifying them about a new incident. |
There was a problem hiding this comment.
This is hard to read. Here is an idea, but feel free to change.
- Integrating with data in other systems, for example, looking up users in an external system who may be "on-call" and need to be notified of a new event.
There was a problem hiding this comment.
@wiersgallak Excellent feedback, thank you so much!! Addressed, plus left two comments
wiersgallak
added
3: Reviews Complete
amyblais
removed
the
3: Reviews Complete
* master: Equalsigns had been replaced with hyphen (#3139) v5.16.3 / v5.15.3 dot release docs (#3133) Change three dots > hamburger menu (#3134) Update permalink for help wanted issues (#3034) Update install-mmte-helm-gitlab-helm.rst (#3109) Update incident-response-application.rst (#3127) Update ESR docs (#3116) Update time and link info of the developers meeting (#3123) Add docs for incident response app (EE, Closed Alpha) (#3047) 5.16.2 dot release docs (#3117) Update plugins.rst (#3114) Moved Zoom docs to Zoom repo (#3069) Move workflow samples to ../samples/incident-response-app (#3113) Updated mattermost username in () (#3112)
No description provided.