Context: ROADMAP.md → Security operations metrics (dwell time and coverage)
Component
CDK / infrastructure
Describe the feature
CloudWatch metrics and dashboard panels: time from anomaly (circuit breaker trip, guardrail spike, policy deny burst) to operator awareness; fraction of security/ops alarms investigated. Targets shortened exploit windows.
Use case
Security teams measure detection-to-response, not just alert firing. Uninvestigated alarms indicate process gaps.
Proposed solution
Metric: security_anomaly_to_ack_seconds (anomaly event → first operator action or ticket).
Metric: security_alarms_investigated_ratio (manual tag or integration hook).
Dashboard row on operator dashboard.
Optional integration with PagerDuty/Opsgenie ack timestamps.
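The two metrics above, computed from a small event log as an added example (this is not code from the project; the event shape, the `security_ops` namespace and the `Source` dimension are assumptions, and the CloudWatch payload is only built, not sent):

```python
"""Compute security_anomaly_to_ack_seconds and security_alarms_investigated_ratio.

Added example, not project code. It assumes a flat list of anomaly and
acknowledgement events (in the real system: alarm state changes plus a
ticketing/paging ack hook) and shapes the result as a CloudWatch
PutMetricData 'MetricData' list using the boto3 key names, without calling AWS.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample events: three anomalies, two of them acknowledged.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00Z", "kind": "anomaly", "id": "cb-trip-1", "source": "circuit_breaker"},
    {"ts": "2024-05-01T10:04:30Z", "kind": "ack", "id": "cb-trip-1", "actor": "oncall-a"},
    {"ts": "2024-05-01T11:00:00Z", "kind": "anomaly", "id": "guardrail-spike-2", "source": "guardrail"},
    {"ts": "2024-05-01T11:45:00Z", "kind": "ack", "id": "guardrail-spike-2", "actor": "ticket"},
    {"ts": "2024-05-01T12:00:00Z", "kind": "anomaly", "id": "policy-deny-3", "source": "policy"},
]

NAMESPACE = "security_ops"  # assumed metric namespace


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _index(events):
    """Return (anomalies, earliest_ack) maps keyed by anomaly id."""
    anomalies, acks = {}, {}
    for e in events:
        t = parse_ts(e["ts"])
        if e["kind"] == "anomaly":
            anomalies[e["id"]] = (t, e.get("source", "unknown"))
        elif e["kind"] == "ack":
            # First operator action or ticket counts; later acks are ignored.
            acks[e["id"]] = min(acks.get(e["id"], t), t)
    return anomalies, acks


def anomaly_to_ack_seconds(events):
    """Dwell time per acknowledged anomaly: seconds from anomaly to first ack."""
    anomalies, acks = _index(events)
    return {
        aid: (acks[aid] - t0).total_seconds()
        for aid, (t0, _src) in anomalies.items()
        if aid in acks and acks[aid] >= t0
    }


def alarms_investigated_ratio(events):
    """Fraction of anomalies that received at least one ack (0.0 when there are none)."""
    anomalies, acks = _index(events)
    if not anomalies:
        return 0.0
    return len(set(anomalies) & set(acks)) / len(anomalies)


def unacknowledged(events, now, max_dwell=timedelta(minutes=30)):
    """Anomaly ids still without an ack after max_dwell: the process-gap signal."""
    anomalies, acks = _index(events)
    return sorted(aid for aid, (t0, _src) in anomalies.items()
                  if aid not in acks and now - t0 > max_dwell)


def build_metric_data(events, now):
    """Shape results as a PutMetricData 'MetricData' list (boto3 key names)."""
    anomalies, _acks = _index(events)
    data = []
    for aid, secs in anomaly_to_ack_seconds(events).items():
        data.append({
            "MetricName": "security_anomaly_to_ack_seconds",
            "Dimensions": [{"Name": "Source", "Value": anomalies[aid][1]}],
            "Timestamp": now,
            "Value": secs,
            "Unit": "Seconds",
        })
    data.append({
        "MetricName": "security_alarms_investigated_ratio",
        "Timestamp": now,
        "Value": alarms_investigated_ratio(events),
        "Unit": "None",
    })
    return data


if __name__ == "__main__":
    now = parse_ts("2024-05-01T13:00:00Z")
    print(anomaly_to_ack_seconds(SAMPLE_EVENTS))
    print(alarms_investigated_ratio(SAMPLE_EVENTS))
    print(unacknowledged(SAMPLE_EVENTS, now))
    print(build_metric_data(SAMPLE_EVENTS, now))
```

The ratio is computed per anomaly, not per ack, so duplicate acks on one alarm cannot inflate it; `unacknowledged` is the list a dashboard row would surface so that silent alarms show up as a number rather than disappearing.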
Other information
Pairs with behavioral circuit breaker and automated alert triage drafts.
Design context: docs/design/OBSERVABILITY.md, docs/design/SECURITY.md.
This might be a breaking change