Help us understand how you monitor and respond to incidents related to your Assets and Identities

Question Title

* 1. How does your enterprise track assets?

Question Title

* 2. Do you handle incidents differently based on system impacted?

Question Title

* 3. Can you connect systems to business functions?

Question Title

* 4. Do you have a CMDB?  What vendor are you using?  How up to date is the deployment?

Question Title

* 5. What detection rules do you leverage today that trigger from denied access attempts (logins/failed file shares)?

Question Title

* 6. Is there detection logic you would like to impement, but can't due to limitations?

Question Title

* 7. Have you implemented any home grown/one-off solutions that focus on identifing suspicious users connects?

Question Title

* 8. How do you change monitoring for terminated users?

Question Title

* 9. If you have a flagged user, how does their monitoring change?

Question Title

* 10. Are Insider threats a priority?

Question Title

* 11. Are you evaluating any UEBA vendors?

T