09 Operations Runbook

Pre-deployment checklist

  1. Ensure all required environment variables are set.

  2. Run preflight validation:

    sh defense_center/scripts/preflight-env.sh defense_center/.env

  3. Confirm PostgreSQL, Redis, OpenSearch, and InfluxDB endpoints are reachable.

  4. If analytics chat threat intel is required, confirm AnalyticsChatEnrichment:MispBaseUrl, AnalyticsChatEnrichment:MispApiKey, and AnalyticsChatEnrichment:MispEnabled=true are set.

  5. Confirm the local playbook file exists at AnalyticsChatEnrichment:PlaybookPath when playbooks are enabled.

Startup expectations

Successful startup should include:

  • Configuration validation success log
  • Dependency health checks passed log
  • Migration success log when auto-migrate is enabled
  • When analytics chat is enabled, no startup validation message reporting missing enrichment configuration placeholders

Analytics chat + MISP smoke checks

  1. Call GET /api/analytics/chat/status with an authenticated user session.
  2. Verify enabled is true when Ollama-backed chat is configured.
  3. Verify capabilities.threatIntel, capabilities.historicalEnrichment, and capabilities.playbooks match the intended deployment.
  4. Start a chat from an analytics snapshot that contains source IPs, destination IPs, or CVE-like strings.
  5. Verify a MISP hit produces a citation with sourceType = "misp" and an event url.
  6. Temporarily make MISP unreachable or disable MispEnabled, then verify chat still streams with historical/playbook or analytics-only context.
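Steps 1 to 3 as a repeatable check (an added example, not part of the ravenxcope code base): it compares a saved response body from GET /api/analytics/chat/status with the flags the deployment is meant to expose. The JSON shape (a top-level enabled flag and a capabilities object) is inferred from the field names above; check_chat_status and the sample bodies are hypothetical.

```python
import json

# Capability flags named in the smoke checks above.
CAPABILITIES = ("threatIntel", "historicalEnrichment", "playbooks")


def check_chat_status(body, intended):
    """Return a list of mismatches between a status response and the intended
    deployment; an empty list means the smoke check passed.

    body: raw JSON text returned by GET /api/analytics/chat/status.
    intended: dict holding a bool for "enabled" and for each capability.
    """
    try:
        status = json.loads(body)
    except json.JSONDecodeError as exc:
        # Typical cause: an HTML login page returned for an unauthenticated call.
        return [f"response is not valid JSON: {exc.msg}"]
    if not isinstance(status, dict):
        return ["response is not a JSON object"]

    problems = []
    # Identity comparison demands real JSON booleans: a missing key, null,
    # 1 or the string "true" all count as mismatches.
    if status.get("enabled") is not intended["enabled"]:
        problems.append(f"enabled: expected {intended['enabled']}, got {status.get('enabled')!r}")
    caps = status.get("capabilities")
    if not isinstance(caps, dict):
        return problems + ["capabilities: object missing from response"]
    for name in CAPABILITIES:
        if caps.get(name) is not intended[name]:
            problems.append(f"capabilities.{name}: expected {intended[name]}, got {caps.get(name)!r}")
    return problems


# Constructed sample bodies (assumed shape, not captured from a real deployment).
FULL = '{"enabled": true, "capabilities": {"threatIntel": true, "historicalEnrichment": true, "playbooks": true}}'
# Deployment with MispEnabled off: chat stays enabled, threatIntel is false.
MISP_OFF = '{"enabled": true, "capabilities": {"threatIntel": false, "historicalEnrichment": true, "playbooks": true}}'

if __name__ == "__main__":
    want = {"enabled": True, "threatIntel": True, "historicalEnrichment": True, "playbooks": True}
    for label, body in (("full", FULL), ("misp-off", MISP_OFF)):
        issues = check_chat_status(body, want)
        print(label, "OK" if not issues else issues)
```

Fetching the body is left to the operator, since the call needs an authenticated user session.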

If startup fails

Configuration validation failure

  • Fix missing or placeholder environment values.
  • Re-run the preflight script.

Dependency healthcheck failure

  • Verify service credentials and network routing.
  • Verify dependency service health independently.

Migration failure

  • Verify database connectivity and migration state.
  • Check migration retry configuration values.

Analytics chat reports no ThreatIntel capability

  • Verify AnalyticsChatEnrichment:Enabled=true.
  • Verify AnalyticsChatEnrichment:MispEnabled=true.
  • Verify AnalyticsChatEnrichment:MispBaseUrl is an absolute URL.
  • Verify AnalyticsChatEnrichment:MispApiKey is set and valid.
  • Remember that threat intel can be unavailable while chat itself remains healthy.

MISP SSL verification errors

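  • If the MISP instance uses a self-signed or privately issued certificate, either install the issuing CA in the runtime image or set AnalyticsChatEnrichment:MispVerifySsl=false only in trusted environments. Installing the CA is the preferred fix: with verification off, the backend no longer authenticates the MISP server, so the API key and the returned threat intel can be intercepted on the network path.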
  • Re-test GET /api/analytics/chat/status and a live chat request after changing SSL handling.

Playbook file missing

  • Verify AnalyticsChatEnrichment:PlaybookPath points to a file deployed with the backend image.
  • Check backend logs for playbook load warnings from PlaybookGuidanceProvider.
  • Chat should still run without playbooks, but the capability flag will remain false.

CI pipeline summary

Current backend CI includes:

  • Sonar scanner stage on main
  • Docker image build and push on develop/main

File reference: ravenxcope-backend/.gitlab-ci.yml