Would this be a proper correlation between entity and attack stage?
Would this be a proper correlation between entity and attack stage? (You see an alert for a user sending DNS requests for TOR sites, and correlate this to data exfiltration.) A. Yes B. No