- Any of our attacks or testing that they did not pick up on
- Examples:
- Nessus
- Nmap
- Brute force (OWA, O365, other portals)
- Web enumeration
- Give Kudos where they picked up on malicious activity too!
Suggestion:
Review the SIEM strategy for external networks