Every company uses tagging and resource labeling in their own way. Among
other uses, mature labeling practices are a great way to identify
resources to their cost centers, keep track of their purpose and
contents for compliance requirements and for n...
That looks correct to me. A useful way to think the security-assessment
endpoint vs. the alerts endpoint is to see the first one as an alias for
a subset of the latter with some useful additional filter shortcuts