Escalation to engineering — when and how
Trigger | Action | Who |
Block Mode is suspected of breaking production | Immediate: disable Block Mode for the affected rule/app. | AppSec on-call (or Eng if AppSec is unavailable) |
Active exploitation detected, no patch available | Request an emergency hotfix or virtual patch via ADR Block Mode | AppSec → Eng Lead |
ADR agent causing performance degradation | Reduce instrumentation scope or switch to Monitor mode. | AppSec → Eng on-call |
New vulnerability discovered by ADR at runtime | Create a Jira/ticket with ADR-provided code location and remediation guidance | AppSec (auto or manual) |