Triage

Perform initial assessment to determine the scope, severity, and nature of the incident. Classify alerts, validate indicators of compromise, assign severity ratings, and establish whether a full incident response engagement is warranted. Prioritize affected assets and identify the preliminary attack vector.