Example: Incident Case scenarios
There are many ways an administrator can become aware of suspicious activity in the system. The most likely way is by noticing something unusual in the logs or audit entries, or being warned about a potential problem in an alert.