mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 13:44:56 +03:00
mukul975
50 lines
2.4 KiB
Markdown
50 lines
2.4 KiB
Markdown
# Workflows - Patch Management
|
|
|
|
## Workflow 1: End-to-End Patch Lifecycle
|
|
|
|
```
|
|
┌────────────┐ ┌──────────┐ ┌──────────────┐ ┌──────────┐
|
|
│ Discover │──>│ Assess │──>│ Prioritize │──>│ Test │
|
|
│ (Vendor │ │ (CVE │ │ (CVSS+EPSS │ │ (Lab │
|
|
│ Feeds) │ │ Match) │ │ Scoring) │ │ Ring 0) │
|
|
└────────────┘ └──────────┘ └──────────────┘ └──────────┘
|
|
│
|
|
┌───────────────────────────────────────────────────┘
|
|
v
|
|
┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐
|
|
│ Approve │──>│ Deploy │──>│ Verify │──>│ Report │
|
|
│ (CAB / │ │ (Phased │ │ (Re-scan │ │ (Metrics │
|
|
│ Change) │ │ Rings) │ │ Confirm)│ │ + KPIs) │
|
|
└──────────┘ └──────────┘ └──────────┘ └──────────┘
|
|
```
|
|
|
|
## Workflow 2: Emergency Patch Process
|
|
|
|
For critical zero-day or actively exploited vulnerabilities:
|
|
|
|
1. **Alert** (T+0h): Vendor advisory or threat intel notification
|
|
2. **Triage** (T+1h): Assess applicability and impact
|
|
3. **Fast-track Test** (T+4h): Rapid testing on critical systems
|
|
4. **Emergency CAB** (T+6h): Expedited approval
|
|
5. **Deploy** (T+8h): Direct to production (skip pilot rings)
|
|
6. **Verify** (T+12h): Post-patch scan verification
|
|
7. **Post-mortem** (T+48h): Review process effectiveness
|
|
|
|
## Workflow 3: Rollback Procedure
|
|
|
|
```
|
|
Patch Deployment Fails
|
|
│
|
|
├──> Application Not Starting
|
|
│ └──> Restore from snapshot/backup
|
|
│
|
|
├──> Performance Degradation
|
|
│ └──> Uninstall patch (wusa /uninstall /kb:NNNNN)
|
|
│
|
|
├──> Blue Screen / Kernel Panic
|
|
│ └──> Boot to safe mode, remove update
|
|
│
|
|
└──> Network Connectivity Lost
|
|
└──> Console access, rollback patch
|
|
```
|