As organizations break away from traditional network-based security concepts, where zones are delegated “trusted” or “untrusted,” to people-centric security models like Zero Trust, identity is becoming intrinsically linked to security. In fact, identity data can help security teams determine whether users or organizations are being subject to a cyber attack. This whitepaper will outline what and how identity data can be used as an indicator of a cyber attack, as well as ways to respond to incidents using Identity and Access Management (IAM) systems.