Asset Management

Build me an inventory reconciliation workflow in Tracecat. Pull hosts from CrowdStrike, devices from Jamf, and instances from AWS, then diff the three. Surface machines missing an EDR agent, devices unknown to MDM, and cloud instances nobody enrolled anywhere. Write the unified inventory to a Tracecat table and open a ServiceNow ticket per unmanaged asset. First help me understand how this maps to ID.AM-01 and why the gaps between inventories matter more than any single inventory. Ask me which of these systems I should treat as the source of truth. Talk me through a weekly schedule versus reconciling continuously as assets appear.

Build me a software inventory automation in Tracecat. Pull installed applications from Jamf and the SaaS estate from Okta sign-in data, keep both in one table with owner and last-seen date, and flag new software that nobody approved. Post a weekly digest of additions and removals to the security channel. First help me understand how this maps to ID.AM-02 and why shadow SaaS is usually the biggest blind spot. Ask me whether we have an approved software list to diff against. Talk me through handling the long tail of one-off tools without drowning the team in tickets.

Build me an asset criticality scoring workflow in Tracecat. Enrich our asset table with owner, environment, internet exposure from Wiz, and the data classification of what each asset touches. Score each asset on a simple rubric and write the tier back to the table so triage and vulnerability workflows can read it. First help me understand how this maps to ID.AM-05 and how criticality tiers change downstream response decisions. Ask me what makes an asset critical in our business. Talk me through keeping scores current as assets change roles.

Build me a data inventory automation in Tracecat. Enumerate S3 buckets and RDS databases from AWS and shares in Snowflake, record each store with its owner, classification, and retention expectation, and flag stores with no classification or no owner. Re-run monthly and track newly appeared stores. First help me understand how this maps to ID.AM-07 and why data inventories decay faster than hardware ones. Ask me which data types we have designated as sensitive. Talk me through whether unclassified stores should open tickets or feed a review queue.