It is currently our antivirus and EDR platform that we use to export incidents to our SIEM and automation platform, SOAR. We use Demisto for our SOAR.
The solution is fully deployed in our organization. We are primarily Windows. There are four major hospital sites with a couple thousand endpoints each. We probably have 600 remote workers due to COVID-19. I would probably say there are 7,000 VDIs inside of Citrix. Then, the rest are probably small clinical sites with no more than 50 to 80 people at each one. They make up the bulk of the rest, and probably 99 percent of that is Windows or server-based. We only have maybe 30 Macintoshes in the whole system and about as many Linuxen.
We are using Windows agent 618.