GSA
O+M 2022-8-4
As part of day-to-day operation of Data.gov, there are many Operation and Maintenance (O&M) responsibilities. Instead of having the entire team watching notifications and risking some notifications slipping through the cracks, we have created an O&M Triage role. One person on the team is assigned the Triage role which rotates each sprint. This is not meant to be a 24/7 responsibility, only East Coast business hours. If you are unavailable, please note when you will be unavailable in Slack and ask for someone to take on the role for that time.
Each day, you should start your triage by looking through the notification channels for anything urgent that came in after hours that might need immediate attention:
- #datagov-alerts may contain critical host alerts
- Bug bounty report (ad-hoc email)
- Vulnerable dependency notifications (daily email reports)
Acceptance criteria
You are responsible for all O&M responsibilities this week. We've highlighted a few so they're not forgotten.
- [x] Audit log updated for AU-6 Log auditing (Friday).
- [x] Any New Relic alerts have been addressed or GH issues created.
- [x] Weekly Nessus scan has been triaged.
- [x] Weekly Snyk scan is complete.
- [x] Weekly resources.data.gov link scan
- [x] If received, the monthly Netsparker scan has been triaged.
- [x] Finishing the shift: Log the number of alerts
