Tracecat

PR.DS: Data Security (NIST CSF 2.0 Protect function)

Data are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information.

Tools for data security

Hosted MCP servers your agents can use for these controls.

Starter prompts

Paste a prompt into Claude Code, Microsoft Copilot, or Codex connected to the Tracecat MCP server, and build the automation out together.

Audit encryption at rest in the cloud

Build me an encryption audit automation in Tracecat. Every morning, pull Wiz findings for unencrypted S3 buckets, EBS volumes, and RDS instances, then check each one against AWS to confirm it still exists and who owns it. Record every gap in a Tracecat table, open a Jira ticket per resource owner, and close tickets automatically once the resource shows up encrypted. First help me understand how this maps to PR.DS-01 and what good data-at-rest protection looks like beyond turning on default encryption. Ask me which AWS accounts are in scope and which Jira project to file against. Talk me through whether the auto-close logic can run unattended or needs an approval gate.
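The reconciliation step in that prompt, written out as an added example (this is not Tracecat's or Wiz's code). It assumes the scanner export can be reduced to a resource ID, type and any ticket already filed, and stands in for the live AWS calls with constructed dictionaries that follow the documented response shapes of boto3's get_bucket_encryption, describe_volumes and describe_db_instances; all resource names, owners and ticket keys are invented. The S3 policy is a deliberate choice: since 2023 every bucket reports AES256 (SSE-S3) by default, so only a KMS-backed default is treated as meeting PR.DS-01 here.

```python
"""Reconcile encryption-at-rest findings against the live cloud state.

Added example, not Tracecat's or Wiz's code. The inventory below is a
constructed stand-in for boto3 responses; names and ticket keys are invented.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    resource_id: str               # bucket name, volume ID or DB identifier
    resource_type: str             # "s3", "ebs" or "rds"
    ticket: Optional[str] = None   # Jira key filed on an earlier run, if any


# Constructed stand-ins for get_bucket_encryption / describe_volumes /
# describe_db_instances output (same field names as the real responses).
S3_ENCRYPTION = {
    "app-logs": {"Rules": [{
        "ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms",
            "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/example"},
        "BucketKeyEnabled": True}]},
    # SSE-S3 only: the default every bucket has carried since 2023.
    "legacy-exports": {"Rules": [{
        "ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
}
S3_TAGS = {"app-logs": {"Owner": "platform"},
           "legacy-exports": {"Owner": "data-eng"}}
EBS_VOLUMES = [
    {"VolumeId": "vol-0a1", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/example",
     "Tags": [{"Key": "Owner", "Value": "platform"}]},
    {"VolumeId": "vol-0b2", "Encrypted": False,
     "Tags": [{"Key": "Owner", "Value": "data-eng"}]},
]
RDS_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": False,
     "TagList": [{"Key": "Owner", "Value": "payments"}]},
]


def _owner(tags):
    return next((t["Value"] for t in tags if t["Key"] == "Owner"), "unowned")


def lookup(resource_type, resource_id):
    """Return (exists, compliant, owner) for one resource.

    Policy choice for S3: only a KMS-backed default counts. SSE-S3 has no
    key policy and no per-key CloudTrail usage record, so it proves little.
    """
    if resource_type == "s3":
        cfg = S3_ENCRYPTION.get(resource_id)
        if cfg is None:
            return False, False, None
        algs = {r["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"]
                for r in cfg["Rules"]}
        kms = bool(algs & {"aws:kms", "aws:kms:dsse"})
        return True, kms, S3_TAGS.get(resource_id, {}).get("Owner", "unowned")
    if resource_type == "ebs":
        for v in EBS_VOLUMES:
            if v["VolumeId"] == resource_id:
                return True, v["Encrypted"], _owner(v.get("Tags", []))
        return False, False, None
    if resource_type == "rds":
        for d in RDS_INSTANCES:
            if d["DBInstanceIdentifier"] == resource_id:
                return True, d["StorageEncrypted"], _owner(d.get("TagList", []))
        return False, False, None
    raise ValueError(f"unknown resource type {resource_type!r}")


def reconcile(findings):
    """Turn scanner findings into a ticket plan keyed on the live state.

    A ticket closes only on evidence from the authoritative API, never on
    the scanner alone; that is what lets the auto-close step run unattended.
    """
    plan = {"open": defaultdict(list), "close": [], "gone": [], "still_open": []}
    for f in findings:
        exists, compliant, owner = lookup(f.resource_type, f.resource_id)
        if not exists:
            plan["gone"].append(f.resource_id)
            if f.ticket:
                plan["close"].append((f.ticket, "resource no longer exists"))
        elif compliant:
            if f.ticket:
                plan["close"].append((f.ticket, "encrypted on re-check"))
        elif f.ticket:
            plan["still_open"].append(f.ticket)
        else:
            plan["open"][owner].append(f.resource_id)   # one ticket per owner
    plan["open"] = dict(plan["open"])
    return plan


SAMPLE_FINDINGS = [   # constructed scanner export
    Finding("app-logs", "s3", "SEC-10"),
    Finding("legacy-exports", "s3"),
    Finding("vol-0b2", "ebs", "SEC-11"),
    Finding("orders-db", "rds"),
    Finding("vol-gone", "ebs", "SEC-12"),
]

if __name__ == "__main__":
    print(reconcile(SAMPLE_FINDINGS))
```

In a real run the dictionaries are replaced by the boto3 calls named above, and the "open" map is what gets grouped into one Jira ticket per owner; the "still_open" list is the set of tickets the follow-up reminder should touch rather than re-file.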

Verify disk encryption on laptops

Build me an endpoint encryption check in Tracecat. Pull the device inventory from Jamf each week and flag any Mac without FileVault enabled or with no recovery key escrowed, then cross-check the Windows fleet in Microsoft Defender XDR for BitLocker status. Open a case per unencrypted device, email the device owner with a remediation deadline, and follow up automatically if nothing changes in seven days. First help me understand how this maps to PR.DS-01 and why full disk encryption on user endpoints is the control auditors check first. Ask me whether my fleet is Jamf-only or split with Windows, and where escrowed recovery keys live. Talk me through how many reminder cycles to run before a device escalates to IT leadership.

Triage data leaving the network

Build me a DLP triage automation in Tracecat. Receive Zscaler DLP alerts over a webhook and open a case for each one. When the case opens, run an agent that enriches the user from Okta with their team, manager, and recent sign-in activity. If the destination is a personal email or file sharing service, raise the case severity, block follow-on uploads for that user in Zscaler, and notify the security channel in Microsoft Teams with the file name, classification, and destination. First help me understand how this maps to PR.DS-02 and what protecting data in transit means in practice beyond TLS. Ask me which data classifications should trigger a block versus a notify-only response. Talk me through whether the Zscaler block should be automatic or sit behind an approval step in the case.

Track backup jobs and restore tests

Build me a backup assurance automation in Tracecat. Pull AWS Backup job results every morning and record failures in a Tracecat table with the resource, vault, and error. Open a ServiceNow incident for any critical system whose backups have failed two days running. Once a quarter, run a scheduled workflow that picks a sample of backups, files a restore test task in ServiceNow for each system owner, and chases the results until each test is logged as passed or failed. First help me understand how this maps to PR.DS-11 and why tested restores matter more than backup success rates. Ask me which systems count as critical and how often each tier should be backed up. Talk me through choosing the failure threshold that pages someone versus the one that just files a ticket.
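The two decisions in that prompt, the "failed two days running" threshold and the quarterly restore sample, worked through as an added example (not Tracecat's or AWS's code). Job records are constructed to follow the field names of AWS Backup's list_backup_jobs output; the ARNs, vault name, dates and tier assignments are invented. The example treats a day with no job at all as a failure, since a silently skipped backup is worse than a loudly failed one, and separates the threshold that pages from the threshold that only files a ticket.

```python
"""Backup assurance: failure streaks, tiered escalation, restore-test sample.

Added example, not Tracecat's or AWS's code. Jobs are constructed; only the
field names match list_backup_jobs.
"""
import random
from collections import defaultdict
from datetime import date, datetime, timedelta, timezone

ORDERS = "arn:aws:rds:us-east-1:111122223333:db:orders-db"
CACHE = "arn:aws:rds:us-east-1:111122223333:db:cache-db"
VOL = "arn:aws:ec2:us-east-1:111122223333:volume/vol-0a1"
FILES = "arn:aws:elasticfilesystem:us-east-1:111122223333:file-system/fs-01"
TODAY = date(2025, 3, 3)


def _job(arn, d, state, msg=""):
    return {"ResourceArn": arn, "BackupVaultName": "prod-vault", "State": state,
            "StatusMessage": msg,
            "CreationDate": datetime(d.year, d.month, d.day, 2, 0,
                                     tzinfo=timezone.utc)}


JOBS = [   # constructed sample of one week of backup jobs
    _job(ORDERS, date(2025, 3, 1), "COMPLETED"),
    _job(ORDERS, date(2025, 3, 2), "FAILED", "Insufficient permissions for backup role"),
    _job(ORDERS, date(2025, 3, 3), "FAILED", "Insufficient permissions for backup role"),
    _job(VOL, date(2025, 3, 1), "COMPLETED"),
    _job(VOL, date(2025, 3, 2), "COMPLETED"),          # nothing ran on 3 March
    _job(FILES, date(2025, 2, 27), "COMPLETED"),
    _job(FILES, date(2025, 3, 3), "ABORTED", "Snapshot window exceeded"),
]
EXPECTED = {ORDERS: "critical", CACHE: "critical",    # CACHE has no jobs at all
            VOL: "standard", FILES: "standard"}
TIERS = {"critical": {"page_after": 2, "ticket_after": 1},
         "standard": {"page_after": None, "ticket_after": 3}}


def failure_streak(jobs, arn, today, lookback=7):
    """Consecutive days ending today with no COMPLETED job for `arn`.

    A day with no job counts as a failure; a RUNNING job also counts until it
    completes, which is the right answer for a morning report.
    """
    states_by_day = defaultdict(set)
    for j in jobs:
        if j["ResourceArn"] == arn:
            states_by_day[j["CreationDate"].date()].add(j["State"])
    streak = 0
    for offset in range(lookback):
        if "COMPLETED" in states_by_day.get(today - timedelta(days=offset), ()):
            break
        streak += 1
    return streak


def latest_failure(jobs, arn):
    bad = [j for j in jobs if j["ResourceArn"] == arn and j["State"] != "COMPLETED"]
    if not bad:
        return "no job ran on the missed day(s)"
    j = max(bad, key=lambda j: j["CreationDate"])
    return f'{j["BackupVaultName"]}: {j["State"]}: {j["StatusMessage"]}'


def plan_actions(jobs, expected, today):
    """Decide per resource whether to page, file a ticket, or do nothing."""
    out = {}
    for arn, tier in expected.items():
        streak = failure_streak(jobs, arn, today)
        t = TIERS[tier]
        if t["page_after"] is not None and streak >= t["page_after"]:
            action = "page"
        elif streak >= t["ticket_after"]:
            action = "ticket"
        else:
            action = None
        out[arn] = {"tier": tier, "streak": streak, "action": action,
                    "detail": latest_failure(jobs, arn) if streak else None}
    return out


def restore_test_sample(jobs, today, k, seed, lookback=7):
    """Pick k resources with a COMPLETED job in the window for a restore test.

    Seeded so the quarterly draw can be reproduced for the audit record.
    """
    cutoff = today - timedelta(days=lookback - 1)
    eligible = sorted({j["ResourceArn"] for j in jobs
                       if j["State"] == "COMPLETED"
                       and j["CreationDate"].date() >= cutoff})
    return random.Random(seed).sample(eligible, min(k, len(eligible)))


if __name__ == "__main__":
    for arn, r in plan_actions(JOBS, EXPECTED, TODAY).items():
        print(arn.rsplit(":", 1)[-1], r)
    print(restore_test_sample(JOBS, TODAY, 2, seed=7))
```

With this data the orders database pages (two failed days, critical tier), the file system only gets a ticket (four missed days, standard tier), the volume's single missed day is recorded but triggers nothing yet, and the cache database with no jobs in the window pages immediately. That last case is the one a success-rate dashboard hides: a resource that never enters the backup plan has a 100% success rate on zero jobs.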

Controls

  • PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected
    SP 800-53 Rev 5: CA-3, CP-9, MP-8, SC-4, SC-7, SC-12, SC-13, SC-28, SC-32, SC-39, SC-43, SI-3, SI-4, SI-7

  • PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected
    SP 800-53 Rev 5: AU-16, CA-3, SC-4, SC-7, SC-8, SC-11, SC-12, SC-13, SC-16, SC-40, SC-43, SI-3, SI-4, SI-7

  • PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected
    SP 800-53 Rev 5: AC-2, AC-3, AC-4, AU-9, AU-13, CA-3, CP-9, SA-8, SC-4, SC-7, SC-11, SC-13, SC-24, SC-32, SC-39, SC-40, SC-43, SI-3, SI-4, SI-7, SI-10, SI-16

  • PR.DS-11: Backups of data are created, protected, maintained, and tested
    SP 800-53 Rev 5: CP-6, CP-9

Control text and SP 800-53 Rev 5 references from the official NIST CSF 2.0 and OLIR releases.

Automate data security with agents

Paste an example into your coding assistant and an agent builds the automation around your tools.
