The identification and analysis of security incidents today takes 45 to 250 days for organizations in the public and private sectors, and usually occurs only when, for example, escape sensitive data, personal data, or critical service malfunction. However, new legislation, such as the Cyber Security Law, based on the NIS directive, as well as other legislation such as the GDPR, requires the reporting of incidents in practically immediate terms - within a few hours or days, and at the same time implementing the tools and procedures that will result from incidents prevented. What needs to be done from a technical and procedural point of view to accelerate threat identification, streamline responses and, ultimately, meet regulatory requirements?