Brownouts can be very useful in finding impacted systems that may have been overlooked as well. Last month, I had to do some updates because a customer's API had moved to a new URL on a new server. My team and I identified (what we thought was) everything using the API and did the updates.
A week later, the customer notified us that they were still seeing some traffic on the old URL, but all they could give us was the IP address it was coming from. Unfortunately this IP address belonged to a server that hosts a lot of our smaller applications, so it didn't really help locate the offender. So I just added a firewall rule to block access to the IP address of the customer's old server, and sure enough I heard the scream 15 minutes later. Removed the rule to get that application back up and running, got it updated to the new URL, and all was good.
A week later, the customer notified us that they were still seeing some traffic on the old URL, but all they could give us was the IP address it was coming from. Unfortunately this IP address belonged to a server that hosts a lot of our smaller applications, so it didn't really help locate the offender. So I just added a firewall rule to block access to the IP address of the customer's old server, and sure enough I heard the scream 15 minutes later. Removed the rule to get that application back up and running, got it updated to the new URL, and all was good.