DATA OPS

Confirmed production PII leak PagerDuty escalation

When a scan confirms unmasked PII in a production-tagged Snowflake table, it quarantines the table, pages the on-call data engineer via PagerDuty, and opens a Linear incident.

CategoryData Ops

Enginesim

Difficultyadvanced

Triggerschedule

Steps6

Setup~25 min

How it runs

The automated pipeline, trigger to output.

TriggerScheduled production-scoped scan
ActionSample new columns in prod-tagged tablesSnowflake
LogicBranch only on confirmed unmasked PII
ActionQuarantine the production tableSnowflake
ActionPage on-call via PagerDuty incidentPagerDuty
OutputOpen linked Linear incidentLinear

What it does

This template is the high-severity path: it only acts on columns in tables tagged as production. It samples and classifies them, and when it confirms unmasked PII it immediately quarantines the table in Snowflake, triggers a PagerDuty incident to page the on-call data engineer, and opens a linked Linear incident capturing the table, columns, and matched categories for the postmortem.

When to use it

Use it when a live PII leak in a production dataset is a page-someone-now event, not a ticket to triage next sprint, and you want detection wired directly into your incident response.

How it works

1A schedule triggers the production-scoped scan.
2Query Snowflake for new columns in production-tagged tables and sample them.
3Classify samples and branch only on confirmed unmasked PII.
4Revoke SELECT to quarantine the production table.
5Trigger a PagerDuty incident to page the on-call data engineer.
6Open a linked Linear incident with full evidence for the postmortem.

Set it up

What you configure once, before turning it on.

1
Connect SnowflakeWarehouses, queries, shares.
2
Connect PagerDutyIncidents, on-call, escalations.
3
Connect LinearIssues, projects, cycles, triage.
4
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
5
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
6
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Data Ops workflows

Weekly BigQuery Cost Trend Sheet and Exec Digest

Compiles week-over-week BigQuery scheduled-query cost by owner and dataset into a Google Sheet with trend columns.

Daily BigQuery Scheduled-Query Cost Attribution to Owners

Each morning, totals the prior day's on-demand bytes-billed per scheduled query, maps each query to its owner from a label, and posts a per-owner cost leaderboard to Slack.

BigQuery Per-Team Budget Breach Alert to PagerDuty

Tracks month-to-date BigQuery scheduled-query spend per team and, when a team crosses its monthly budget, pages the team's on-call in PagerDuty and snapshots the spend breakdown…

dbt source freshness watcher with severity-routed alerts

Checks Snowflake loaded-at timestamps against each dbt source's freshness SLA, then routes warnings to Slack and hard breaches to a PagerDuty incident so stale data never…

dbt orphan model detector with Linear cleanup tickets

Scans your dbt manifest for models that no other model, exposure, or BI tool consumes.

Raw Sensor Telemetry Archive to BigQuery

Captures every incoming building sensor reading via webhook, normalizes the payload into a consistent schema.

Browse all Data Ops →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Finance

Research & Trading Desk

Governance-first research, execution, and risk — every trade on the audit trail.

Operations

Internal Operations

Runbooks, on-call, vendor management — disciplined and audited.

Software

Agent Hive runs Agent Hive

The team that built Agent Hive, exactly as it runs today.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →