Module 4 Lab: Containment and remediation automation

Define containment actions and approval gates.

Lab Context

This lab uses synthetic incident records with severity, confidence, blast radius, containment option, and approval outcome as a safe proxy for the course setting. It is not a substitute for institutional data, but it lets you practice the reasoning, metrics, and documentation pattern before working with real records.

Lab Tasks

  1. Run the baseline analysis.

  2. Identify the decision the metric supports.

  3. Change one threshold, score weight, or input assumption.

  4. Compare the result before and after your change.

  5. Record one deployment risk that the synthetic data cannot reveal.

import numpy as np
import matplotlib.pyplot as plt

# Synthetic factor scores in [0, 1] for n records, drawn from beta
# distributions with a fixed seed so the baseline is reproducible.
rng = np.random.default_rng(4)
n = 96
exposure = rng.beta(2, 4, size=n)
severity = rng.beta(2.5, 2.5, size=n)
control_gap = rng.beta(3, 5, size=n)
activity = rng.beta(2, 6, size=n)
business_impact = rng.beta(2, 3, size=n)

# Weighted risk score (weights sum to 1.0). Records at or above the
# 80th-percentile score are flagged as priority.
risk_score = 0.25*exposure + 0.25*severity + 0.20*control_gap + 0.15*activity + 0.15*business_impact
threshold = float(np.quantile(risk_score, 0.80))
priority = risk_score >= threshold

# Scatter of severity against risk score, colored by the priority flag.
plt.figure(figsize=(6, 3))
plt.scatter(severity, risk_score, c=priority, cmap="coolwarm", s=24)
plt.xlabel("severity")
plt.ylabel("risk/detection priority")
plt.title("Module 4 Lab: Containment and remediation automation")
plt.tight_layout()

# Baseline metrics to record before changing a threshold or weight.
summary = {
    "priority_count": int(priority.sum()),
    "threshold": threshold,
    "top_indices": np.argsort(risk_score)[-5:][::-1].tolist(),
    "review_note": "Inspect high-score cases for false positives and missing context before action.",
}
summary
{'priority_count': 20,
 'threshold': 0.4505563824640886,
 'top_indices': [43, 67, 92, 12, 42],
 'review_note': 'Inspect high-score cases for false positives and missing context before action.'}
[Figure: scatter plot of severity (x-axis) against risk/detection priority (y-axis), points colored by the priority flag.]
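The following is an added example, not part of the lab's own code: it sketches an approval gate over the record fields named in the Lab Context (severity, confidence, blast radius) and runs the before/after comparison from tasks 3 and 4 on one threshold. The function names, field names, threshold defaults, and beta parameters are all assumptions chosen for illustration.

```python
import random
from collections import Counter

def gate(rec, min_conf=0.80, max_blast=0.30, min_sev=0.50):
    """Route one incident record to a containment decision.

    All fields are scores in [0, 1]; thresholds are illustrative assumptions.
    """
    if rec["severity"] < min_sev:
        return "monitor"          # not severe enough to contain
    if rec["confidence"] >= min_conf and rec["blast_radius"] <= max_blast:
        return "auto_contain"     # confident and narrow: no human gate
    return "needs_approval"       # severe, but uncertain or wide impact

def route_counts(records, **thresholds):
    """Count decisions for a whole batch under one threshold setting."""
    counts = Counter(gate(r, **thresholds) for r in records)
    return {k: counts.get(k, 0)
            for k in ("auto_contain", "needs_approval", "monitor")}

def compare(records, before, after):
    """Before/after decision counts plus indices whose routing changed."""
    moved = [i for i, r in enumerate(records)
             if gate(r, **before) != gate(r, **after)]
    return route_counts(records, **before), route_counts(records, **after), moved

def synthetic_records(n=96, seed=4):
    """Constructed sample data; the beta parameters are arbitrary."""
    rng = random.Random(seed)
    return [{"severity": rng.betavariate(2.5, 2.5),
             "confidence": rng.betavariate(4, 2),
             "blast_radius": rng.betavariate(2, 4)} for _ in range(n)]

if __name__ == "__main__":
    recs = synthetic_records()
    # Task 3: change one threshold (allowed blast radius for auto-containment).
    before, after, moved = compare(recs, {"max_blast": 0.30}, {"max_blast": 0.50})
    print("before:", before)
    print("after: ", after)
    print("records that lost the human approval gate:", len(moved))
```

The `moved` list is the set of cases to inspect by hand: each one is an action that a person would have reviewed under the old setting and that would run unattended under the new one.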
reflection = {
    "what_changed": "",
    "metric_before": "",
    "metric_after": "",
    "interpretation": "",
    "synthetic_data_limit": "",
    "next_real_world_evidence_needed": "",
}
reflection
{'what_changed': '',
 'metric_before': '',
 'metric_after': '',
 'interpretation': '',
 'synthetic_data_limit': '',
 'next_real_world_evidence_needed': ''}