Question 6 of 10 (Pro Only)

You notice during your shift that a critical log source, such as the domain controller, has not sent any logs to the SIEM for the past two hours. How would you investigate and respond to this situation?

Sample answer preview

A critical log source going silent for two hours is a significant concern that I would treat with urgency. The absence of logs from a domain controller is actually more alarming than most active alerts because it could indicate that either something has failed accidentally or,…
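One concrete way to approach the investigation is to check, for every monitored source, how long it has been silent compared with its normal reporting interval, and then use the other sources behind the same collector to tell a pipeline outage apart from a single host going quiet. The following is an added illustration, not part of the original answer; the source inventory, collector names, thresholds and "last seen" timestamps are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed inventory of log sources (hypothetical host and collector names).
# Each source records which collector it forwards through, how long it may
# normally stay silent, and whether it is a critical source. In practice this
# would come from the SIEM's source list or a CMDB rather than a literal dict.
SOURCES = {
    "dc01":        {"collector": "col-a", "max_silence": timedelta(minutes=15), "critical": True},
    "dc02":        {"collector": "col-a", "max_silence": timedelta(minutes=15), "critical": True},
    "fileserver1": {"collector": "col-a", "max_silence": timedelta(hours=1),    "critical": False},
    "web01":       {"collector": "col-b", "max_silence": timedelta(minutes=30), "critical": False},
    "vpn-gw":      {"collector": "col-b", "max_silence": timedelta(minutes=30), "critical": True},
}

# Constructed "last event received" table, as a SIEM source-health view would show it.
# Only dc01 has been quiet for two hours; everything else is reporting normally.
NOW = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
LAST_SEEN = {
    "dc01":        NOW - timedelta(hours=2),
    "dc02":        NOW - timedelta(minutes=2),
    "fileserver1": NOW - timedelta(minutes=20),
    "web01":       NOW - timedelta(minutes=5),
    "vpn-gw":      NOW - timedelta(minutes=3),
}


def find_silent_sources(sources, last_seen, now):
    """Return {source: gap} for every source silent longer than its max_silence.

    A source that has never reported (absent from last_seen) is returned with a
    gap of None so it is not silently dropped from the health check.
    """
    silent = {}
    for name, meta in sources.items():
        seen = last_seen.get(name)
        gap = (now - seen) if seen is not None else None
        if gap is None or gap > meta["max_silence"]:
            silent[name] = gap
    return silent


def classify_gap(sources, silent):
    """Label each silent source so the analyst knows where to look first.

    - collector_outage: every source behind the same collector is silent, so the
      forwarding path (collector, network, SIEM ingestion) is the likely cause.
    - isolated_critical_source / isolated_source: peers on the same collector are
      still reporting, so the problem is on the host itself (agent or forwarding
      service stopped, audit policy changed, disk full) or its logs were cleared.
      For a domain controller that is the case to treat as possible tampering,
      e.g. by checking the host for a Security event 1102 (audit log cleared).
    """
    by_collector = defaultdict(list)
    for name, meta in sources.items():
        by_collector[meta["collector"]].append(name)

    findings = {}
    for name in silent:
        peers = by_collector[sources[name]["collector"]]
        if all(peer in silent for peer in peers):
            findings[name] = "collector_outage"
        elif sources[name]["critical"]:
            findings[name] = "isolated_critical_source"
        else:
            findings[name] = "isolated_source"
    return findings


if __name__ == "__main__":
    silent = find_silent_sources(SOURCES, LAST_SEEN, NOW)
    for name, label in classify_gap(SOURCES, silent).items():
        print(f"{name}: silent for {silent[name]}, classified as {label}")
```

With the constructed data, dc02 and fileserver1 are still arriving through the same collector as dc01, so the two-hour gap is classified as an isolated critical source: the next step is on the domain controller itself (forwarding agent, event log service, audit policy, and whether the Security log was cleared), not on the SIEM pipeline. If all of col-b's sources had gone quiet together, the same check would point at the collector instead.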

Tags: log source health, domain controller, SIEM troubleshooting, log forwarding, monitoring gap, audit log tampering
