Spend no more than 5 minutes determining whether an alert is a false positive or requires deeper review.

Phase 3: Evidence Gathering
Network evidence: flow data, packet captures, DNS queries.
Scope: list all endpoints, identities, and cloud resources involved.
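The scoping step above is easiest to get wrong by hand: analysts list the host that fired the alert and miss the peers it talked to and the cloud identity that later used one of those peers. The following is an added example, not code from the original page or any vendor: it pivots from a seed indicator through constructed flow, DNS and cloud-audit records and returns the endpoints, domains, identities and cloud resources in scope. The log formats, field names, IP addresses and ARNs are all constructed for illustration.

```python
"""Build the scope of an investigation from constructed evidence.

Added example, not from the original page. The records below are
constructed to resemble flow, DNS and cloud audit logs; the field
names are assumptions, loosely modelled on Zeek conn/dns logs and a
CloudTrail-style audit event, not any real product's schema.
"""
import json

# Constructed sample evidence (not real traffic or accounts).
FLOW_LOG = """
{"ts":"2024-05-01T10:00:01Z","src_ip":"10.0.1.23","dst_ip":"203.0.113.45","dst_port":443,"proto":"tcp"}
{"ts":"2024-05-01T10:00:05Z","src_ip":"10.0.1.23","dst_ip":"10.0.2.7","dst_port":445,"proto":"tcp"}
{"ts":"2024-05-01T10:01:10Z","src_ip":"10.0.3.9","dst_ip":"10.0.1.23","dst_port":3389,"proto":"tcp"}
{"ts":"2024-05-01T10:02:00Z","src_ip":"10.0.5.5","dst_ip":"198.51.100.8","dst_port":80,"proto":"tcp"}
"""

DNS_LOG = """
{"ts":"2024-05-01T09:59:58Z","src_ip":"10.0.1.23","query":"update.example-cdn.net","answers":["203.0.113.45"]}
{"ts":"2024-05-01T10:01:00Z","src_ip":"10.0.5.5","query":"www.example.org","answers":["198.51.100.8"]}
"""

CLOUD_LOG = """
{"ts":"2024-05-01T10:03:00Z","source_ip":"203.0.113.45","principal":"arn:aws:iam::123456789012:user/svc-backup","event":"GetObject","resource":"arn:aws:s3:::corp-backups/db.dump"}
{"ts":"2024-05-01T10:04:00Z","source_ip":"10.0.5.5","principal":"arn:aws:iam::123456789012:user/alice","event":"ListBuckets","resource":"*"}
"""


def load(log: str) -> list:
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in log.strip().splitlines() if line.strip()]


def build_scope(seed, flows, dns, cloud, max_hops: int = 1) -> dict:
    """Pivot from seed IPs to everything in scope.

    Endpoints: the seed plus every host that exchanged a flow with an
    in-scope host, repeated up to max_hops times. Domains, identities and
    cloud resources are attached when their record's source or answer
    overlaps the endpoint set. One hop is the default: each extra hop
    pulls in peers-of-peers and quickly turns the scope into the whole
    network, which is why the hop count is explicit.
    """
    endpoints = set(seed)
    for _ in range(max_hops):
        new = set()
        for f in flows:
            if f["src_ip"] in endpoints:
                new.add(f["dst_ip"])
            if f["dst_ip"] in endpoints:
                new.add(f["src_ip"])
        if new <= endpoints:        # no new hosts: stop early
            break
        endpoints |= new

    # DNS: queries made by an in-scope host, or resolving to one.
    domains = {
        d["query"] for d in dns
        if d["src_ip"] in endpoints or set(d["answers"]) & endpoints
    }

    # Cloud audit: identities and resources used from an in-scope address.
    identities, resources = set(), set()
    for e in cloud:
        if e["source_ip"] in endpoints:
            identities.add(e["principal"])
            if e["resource"] != "*":    # wildcard carries no resource name
                resources.add(e["resource"])

    return {
        "endpoints": sorted(endpoints),
        "domains": sorted(domains),
        "identities": sorted(identities),
        "cloud_resources": sorted(resources),
    }


if __name__ == "__main__":
    scope = build_scope(["10.0.1.23"], load(FLOW_LOG), load(DNS_LOG), load(CLOUD_LOG))
    print(json.dumps(scope, indent=2))
```

Seeded with the alerting host 10.0.1.23, one hop adds its three flow peers, the domain it resolved just before the outbound connection, and the service identity that later read a backup object from one of those peers; the unrelated host 10.0.5.5 and its activity stay out of scope. Raising max_hops is a deliberate choice, not a default, because every added hop widens the list the rest of the investigation has to cover.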