But the team wasn't done yet. They needed to dig deeper to understand the root cause of the breach. Alex finished the traceroute, revealing that the traffic was coming from a compromised IP address in a foreign country.
The team decided to simulate a more aggressive response, configuring the Palo Alto Firewall simulator to alert them if similar traffic was seen again. They also set up a sandbox environment to analyze the malicious packets and determine the attacker's goals.
"I think we have a compromised host somewhere out there," Alex said. "We need to investigate further."