While investigating alerts in the Analyzer you notice a host desktop with a low risk score has been sending regular emails from an internal account to the same external account. Upon investigation you see that the emails all have attachments. Would this be correct assessment of the situation? (This desktop should be added to a watch list and audited for a time to determine if this is real threat activity.)
A. Yes
B. No