[alexchantavy]

Thank you, this is very helpful especially given your experience in the space. I intended to frame this like "there are many tools that let a security team can pull in data from the cloud providers and detect misconfigurations, but this becomes soo much more useful when they're able to contextualize it against their internal data". If I'm responding to log4j, I want to know all of the services that are running that affected library, which ones are internet open, and who in the organization owns it. That last part is key for actionability.