# Sola for Incident Readiness

Effective incident response depends on knowing your environment and being equipped to respond quickly before an incident occurs, so that the impact stays minimal.

Sola helps you evaluate logging coverage, assess backup configuration, and map blast radius across cloud, identity, and SaaS systems to understand your readiness.

This page explains the key concepts behind **incident readiness** and **backup resilience**: what they are, why they matter, and how Sola helps you assess them.

Get started with the **ready-made Ask and Build prompts** below, or with the **Prompt Library**, both available directly in the Sola chat interface.

<details>

<summary><img src="/files/DESMoC6l1Gr9uaynao5N" alt=""> <em><strong>Ask</strong>: How ready am I for an incident</em></summary>

Copy this prompt into [Sola AI](https://app.sola.security/) to get started:

{% code overflow="wrap" %}

```
I want to evaluate whether my organization is prepared to handle a security incident. Guide me to identify which critical system I should connect first - such as AWS, Azure, GCP, or identity providers like Okta - or if I already have one connected, ask me which to use. Then help me assess issues like logging coverage gaps, IAM hygiene problems, backup configuration weaknesses, or monitoring gaps that could slow incident response. Guide me to the best next step to quickly experience Sola's value. Do this as an interactive conversation, guide me one step at a time, avoid long explanations upfront, and pause for my response.
```

{% endcode %}

</details>

<details>

<summary><img src="/files/DESMoC6l1Gr9uaynao5N" alt=""> <em><strong>Build</strong>: Incident readiness tracking</em></summary>

Copy this prompt into [Sola AI](https://app.sola.security/) to get started:

{% code overflow="wrap" %}

```
I want to build an app that continuously monitors my incident readiness and backup resilience. Guide me to identify which systems I should connect first - such as AWS, Azure, or GCP - or if I already have one connected, ask me which to use. Then help me build queries to assess issues like backup coverage, logging gaps, and IAM hygiene, create canvases showing readiness trends over time, and set up alerts for backup failures or degraded response capabilities. Guide me to the best next step to quickly experience Sola's value. Do this as an interactive conversation, guide me one step at a time, avoid long explanations upfront, and pause for my response.
```

{% endcode %}

</details>

## What are Incident Readiness and Backup Resilience?

Incident readiness is the practice of ensuring your organization can detect, respond to, and recover from a security incident. Backup resilience is the assurance that critical data and systems can be restored after an attack.

In simple terms, incident readiness helps answer the question:\
***"If something went wrong today, would we know? Could we recover?"***

Key areas of focus include:

* Logging coverage across cloud and SaaS systems.
* IAM hygiene and access controls that affect response speed.
* Backup configuration, retention policies, and recovery readiness.
* Alert coverage gaps and detection blind spots.
* Privilege escalation paths that expand blast radius.
* Forensic log retention and audit trail completeness.

### Why is Incident Readiness important?

True incident readiness requires more than detection. It requires knowing in advance what your blast radius looks like, where your logging gaps are, and whether your backups would help you quickly resolve an incident.

The middle of an incident is the worst possible time to discover these gaps. The organizations that recover fastest are those that assessed their readiness before the incident occurred.

Sola's cross-system graph makes it possible to simulate these scenarios proactively, rather than discovering gaps under pressure.

### Incident Readiness with Sola

Sola connects cloud, identity, and SaaS data to give you a complete picture of your incident readiness.

With Sola, you can:

* **Assess** logging and alerting coverage across cloud, identity, and SaaS environments.
* **Map** blast radius for high-risk accounts, roles, and systems.
* **Audit** backup configuration, retention policies, and recovery readiness.
* **Identify** privilege escalation paths that could expand an attacker's footprint.
* **Evaluate** forensic log retention and audit trail completeness.

## Prompt library examples

Browse and run these prompts directly from the Prompt library in the Sola chat interface.

<img src="/files/MLlMKRdCI1cJhQemb1Ho" alt="Prompt Library" data-size="original">

<details>

<summary><strong>Blast Radius Estimation</strong></summary>

{% code title="PROMPT" overflow="wrap" %}

```
If a specific user account [or role / system] were compromised right now, what’s the worst-case blast radius? Show every system, dataset, and permission they could access or abuse, including lateral movement paths.
```

{% endcode %}

</details>

<details>

<summary><strong>Backup &#x26; Restore Resilience Audit</strong></summary>

{% code title="PROMPT" overflow="wrap" %}

```
Assess whether backups are properly configured across cloud workloads and critical SaaS data. Flag missing backups, weak retention policies, single-region storage, and any workloads with no recovery plan.
```

{% endcode %}

</details>

<details>

<summary><strong>Privilege Escalation Path Mapping</strong></summary>

{% code title="PROMPT" overflow="wrap" %}

```
Map all paths in my environment where an attacker starting from a standard user account could escalate to cloud admin, domain admin, or root. Include identity, cloud, and SaaS vectors in the analysis.
```

{% endcode %}

</details>

<details>

<summary><strong>Forensic Logging Readiness</strong></summary>

{% code title="PROMPT" overflow="wrap" %}

```
Do I have sufficient log retention and audit trails to investigate an incident that occurred 90 days ago? Show which systems have audit logging enabled and which are gaps, and flag any that may have been disabled recently.
```

{% endcode %}

</details>


