Security Runbooks: Lantern
This file contains short runbooks for common scenarios so on-call engineers can respond quickly.
1) Sudden spike in redemptions (possible fraud)
- Triage: check recent deployments, review merchant campaign IDs, and inspect IP/geolocation patterns.
- Temporary action: throttle redemptions globally or per-campaign; switch high-risk offers to QR-only redemption.
- Identify affected users and merchant(s) and flag suspect redemptions as "under review".
- If financial impact suspected, notify Legal and Billing teams.
- For confirmed fraud, mark redemptions as invalid and create a dispute/resolution path for merchants.
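The triage steps above (compare the current redemption rate against a baseline, look at where the traffic comes from, pick a throttle action, and list the redemptions to mark "under review") as a single detector over sample log lines. This is an added example, not Lantern's own code: the log line format, the field names (campaign, user, ip), the thresholds and the action labels are assumptions, and the sample traffic is constructed inline.

```python
"""Detect a sudden per-campaign redemption spike and where it comes from.

Added example, not Lantern project code. Assumes one log line per redemption:
  <ISO-8601 UTC ts> redemption campaign=<id> user=<id> ip=<addr>
Adapt LINE_RE, the thresholds and the action names to the real schema.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network

LINE_RE = re.compile(
    r"^(?P<ts>\S+) redemption campaign=(?P<campaign>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_line(line):
    """Return a dict for one redemption line, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "campaign": m["campaign"], "user": m["user"], "ip": m["ip"]}


def build_sample_logs(now):
    """Constructed sample traffic (not real data): one hour of steady redemptions for
    two campaigns, then a 30-redemption burst against camp-42 from a single /24."""
    lines = []
    for i in range(20):
        ts = now - timedelta(minutes=65) + timedelta(minutes=3 * i)
        for camp, net in (("camp-42", "198.51.100."), ("camp-7", "192.0.2.")):
            lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} redemption campaign={camp} user=u{i} ip={net}{10 + i}")
    for i in range(30):
        ts = now - timedelta(minutes=4) + timedelta(seconds=8 * i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} redemption campaign=camp-42 user=fraud{i} ip=203.0.113.{i + 1}")
    return lines


def detect_spikes(records, now, window=timedelta(minutes=5), baseline=timedelta(minutes=60),
                  multiplier=5.0, min_count=10, net_share=0.8):
    """Flag campaigns whose redemptions in the current window exceed both an absolute
    floor (min_count) and `multiplier` times the per-window average of the baseline
    period. For each flagged campaign, report the dominant /24 and the users behind it
    so they can be marked 'under review', plus a suggested throttle action."""
    cur_start = now - window
    base_start = cur_start - baseline
    current = defaultdict(list)
    base_count = Counter()
    for r in records:
        if r is None:
            continue
        if cur_start <= r["ts"] <= now:
            current[r["campaign"]].append(r)
        elif base_start <= r["ts"] < cur_start:
            base_count[r["campaign"]] += 1

    windows_in_baseline = baseline / window  # e.g. 60 min / 5 min = 12.0
    findings = {}
    for camp, recs in current.items():
        expected = base_count[camp] / windows_in_baseline
        if len(recs) < min_count or len(recs) < multiplier * expected:
            continue
        # Geolocation is not in the sample; /24 aggregation is the offline stand-in
        # for "is this burst coming from one place?".
        nets = Counter(str(ip_network(f"{r['ip']}/24", strict=False)) for r in recs)
        top_net, top_n = nets.most_common(1)[0]
        share = top_n / len(recs)
        findings[camp] = {
            "current": len(recs),
            "expected_per_window": round(expected, 2),
            "top_net": top_net,
            "top_net_share": round(share, 2),
            # Concentrated bursts get the stricter action from the runbook (QR-only);
            # diffuse ones get a per-campaign throttle while triage continues.
            "action": "throttle+qr_only" if share >= net_share else "throttle",
            "review_users": sorted(r["user"] for r in recs
                                   if str(ip_network(f"{r['ip']}/24", strict=False)) == top_net),
        }
    return findings


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    records = [parse_line(line) for line in build_sample_logs(now)]
    for camp, f in detect_spikes(records, now).items():
        print(camp, f["current"], "vs", f["expected_per_window"], f["top_net"], f["action"])
```

Tune `multiplier` and `min_count` per campaign size: a small campaign can legitimately go from 0 to 10 redemptions when a merchant posts the offer, so the absolute floor matters as much as the ratio, and a flagged campaign should be throttled first and investigated second rather than auto-invalidated.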
2) Compromised admin account
- Immediately revoke the compromised session and rotate admin credentials.
- Force password reset + invalidate active tokens for the user.
- Review logs for actions performed by the account (look for data exports or role changes).
- Audit all admin accounts (including any the compromised account created or elevated) and require MFA re-enrollment for admins.
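Two of the steps above are easy to get wrong under pressure: "invalidate active tokens" for stateless bearer tokens, which cannot be deleted individually, and "review logs for actions performed by the account", which must also surface the accounts the attacker elevated. The block below is an added example, not Lantern's own code: it assumes JWT-style claims (`sub`, `iat`, `exp`) and a key=value audit log format, and the audit lines and the list of high-risk action prefixes are constructed for the example.

```python
"""Revoke every token of one user and review that user's audit trail.

Added example, not Lantern project code. Assumptions: tokens carry `sub`, `iat`
(issued-at) and `exp` claims as datetimes; audit lines look like
  <ISO-8601 UTC ts> actor=<id> action=<name> key=value ...
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed audit lines for the example; the attacker exports data, grants admin
# to a service account and mints an API key, all from a new IP.
AUDIT_LOG = [
    "2024-05-01T09:58:10Z actor=admin.jane action=login ip=198.51.100.7",
    "2024-05-01T10:02:33Z actor=admin.jane action=export.users rows=48210 ip=203.0.113.9",
    "2024-05-01T10:04:01Z actor=admin.jane action=role.grant target=svc-bot role=admin ip=203.0.113.9",
    "2024-05-01T10:05:45Z actor=admin.bob action=campaign.update id=camp-7 ip=198.51.100.12",
    "2024-05-01T10:06:12Z actor=admin.jane action=apikey.create name=backup ip=203.0.113.9",
]

# Assumed taxonomy of actions worth a second look during incident review.
HIGH_RISK_PREFIXES = ("export.", "role.", "apikey.", "user.delete")


class SessionRevoker:
    """Per-user 'not valid before' cutoff for stateless tokens.

    You cannot delete a JWT that is already in the wild, so store the revocation
    instant per user and reject any token issued at or before it. The dict stands
    in for the shared store (e.g. the user row) that every verifier would consult.
    """

    def __init__(self):
        self._not_before = {}

    def revoke_all(self, user_id, now):
        """Runbook step: invalidate every active token for the user."""
        self._not_before[user_id] = now

    def token_valid(self, claims, now):
        if claims["exp"] <= now:
            return False
        cutoff = self._not_before.get(claims["sub"])
        # Strict '>' so a token minted in the same instant as the revocation is
        # also rejected; the user simply logs in again after the reset.
        return cutoff is None or claims["iat"] > cutoff


KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_audit_line(line):
    ts_str, _, rest = line.strip().partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return fields


def review_actor(lines, actor):
    """Every action the actor performed, with high-risk ones flagged."""
    entries = []
    for line in lines:
        e = parse_audit_line(line)
        if e.get("actor") != actor:
            continue
        e["high_risk"] = e["action"].startswith(HIGH_RISK_PREFIXES)
        entries.append(e)
    return entries


def granted_admins(entries):
    """Accounts the compromised actor elevated to admin: these need their own
    credential rotation and MFA re-enrollment, not just the original account."""
    return {e["target"] for e in entries
            if e["action"] == "role.grant" and e.get("role") == "admin"}


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 10, tzinfo=timezone.utc)
    revoker = SessionRevoker()
    revoker.revoke_all("admin.jane", now)
    for e in review_actor(AUDIT_LOG, "admin.jane"):
        print(e["ts"].isoformat(), e["action"], "HIGH-RISK" if e["high_risk"] else "", e.get("ip"))
    print("also review:", granted_admins(review_actor(AUDIT_LOG, "admin.jane")))
```

Rotating the admin's credentials does not by itself log the attacker out of sessions that were already issued; the cutoff check is what does that, and it has to run on every verifier, not just the login path. The `granted_admins` output feeds the last runbook step: an attacker who created a second admin keeps access after the first account is cleaned up.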
3) Data exfiltration suspected
- Contain network access and preserve forensic artifacts (logs, snapshots).
- Engage Legal + Incident Lead; determine scope of data accessed.
- If PII impacted, notify users and regulators per incident classification & legal guidance.
4) Vulnerability discovered in a dependency
- Patch if possible and test; otherwise implement a temporary mitigation (e.g., firewall rule, feature flag).
- Backport fixes to supported branches if applicable.
- Communicate with stakeholders about timelines and risk.
Keep runbooks simple and actionable: reference this file from on-call notes and add the exact commands and dashboard links for each scenario.