Customer Requirements & Qualification

Let’s understand your security operations needs

🎯 What's Your Biggest Pain Point? (Check all that apply)

Drowning in alerts - too much noise, can't find real threats
No context - alerts come in but we don't know what to do
Slow response - takes us hours/days to investigate and act
Coverage gaps - lack of resources / skills gap to handle alerts 24/7
Can't prove value - no metrics on how we're performing
Tool overload - too many dashboards, nothing talks to each other
Others (please specify)

🔧 What Security Tools Do You Have? (Check all that apply)

Endpoint Protection

SentinelOne
Trellix
CrowdStrike
Others (Please list all that matter for your business) -

Firewall/Network

Palo Alto
Fortinet
CheckPoint
Cisco
Others (Please list all that matter for your business) -

Cloud & Identity

AWS
Azure
GCP
M365
Okta
Others (Please list all that matter for your business) -

Web & Email Security

Imperva (WAF)
Cloudflare (WAF)
Zscaler
Others (Please list all that matter for your business) -

SIEM or SOAR or Log Management

Splunk
Exabeam
Elastic
None, just tool alerts
Others (Please list all that matter for your business) -

Ticketing & Workflow

ServiceNow
Zendesk
PagerDuty
None
Others (Please specify) -

📊 Environment Size (Rough estimates are fine)

Number of users:
Less than 1,000 (Please specify)
1,000-5,000
5,000-25,000
More than 25,000
Number of devices/endpoints:
Less than 1,000 (Please specify)
1,000-5,000
5,000-15,000
15,000-75,000
More than 75,000
Where is your infrastructure?
Mostly cloud (Please specify cloud providers e.g. AWS, Azure, GCP, others)
Mostly on-premises data centers
Hybrid

📈 Alert & Data Volume

How many security alerts do you get per day? (Rough estimate)
Not sure
Less than 100
100-500
500-2,000
More than 2,000 (Please specify)

Of those alerts, how many are actually real threats?
Not sure
Most of them (>50%)
Some of them (10-50%)
Very few (<10%)

Do you know your daily log/data volume?
Not sure
Less than 100 GB/day
100 GB - 500 GB/day
500 GB - 2 TB/day
More than 2 TB/day (please specify)
How long do you need to store security data?
30 days
90 days
180 days
1 year or more (Please specify)
Not sure

🏢 Asset Criticality & Context

Do you have a way to identify which assets are most critical? (e.g., Business Impact Assessment, Asset inventory with criticality ratings)
Yes - we have documented asset criticality
Partially - we know some critical systems but not all
No - everything is treated the same
Not sure

If yes, where is this information?
CMDB / Asset management system
Spreadsheet
Business Continuity plan
Risk management framework
Other (Please specify)

What additional context would help your team respond faster? (Check all that apply)

Internal Context

Asset criticality (which systems matter most)
User profiles (department, role, manager)
Device profiles (OS, patch level, owner)
Historical baselines (is this normal for this asset?)
Other (Please specify)

External Threat Intelligence

File/hash reputation lookups
IP/domain reputation
URL analysis
MITRE ATT&CK technique mapping
Threat actor attribution
Not sure what we need
Other (Please specify)

⚠️ Which Threats Matter to Your Business Most and/or are keeping you up at night? (Pick your top 5)

Ransomware / malware on endpoints
Account takeovers and suspicious logins
Phishing and business email compromise
Web application attacks (SQL injection, etc.)
Insider threats and data leaks
Cloud misconfigurations
Network scanning and unauthorized access
Compliance violations
Others (please specify)

🔬 Triage & Analysis Approach

Do you have existing analysis playbooks for common security scenarios?
Yes - we have documented playbooks we'd like to use
Some - we have playbooks for a few scenarios
No - we'd like to use HM's standard playbooks
Not sure

If you have playbooks, would you want us to follow them?
Yes - follow our existing playbooks
Use HM's playbooks as a starting point, we'll adapt
Just use HM's standard playbooks

⏱️ Response Time & SLA Requirements

How quickly do you need us to respond? (Target SLAs)

Time to Detect (acknowledge we received the alert):

Within 5 minutes
Within 30 minutes
Within 1-2 hours