Hi,
I wouldn't recommend to focus on the single finding. Indicator-of-compromise category contains rules that should be used for the detection of a positively compromised system and false positives may occur.
When evaluating an event, all the intrus...
