Question 8 of 10 (Pro Only)

A user reports that they clicked on a suspicious link in an email thirty minutes ago. Walk me through how you would use SIEM log analysis to determine whether the user's workstation has been compromised and what actions the attacker may have taken.

Sample answer preview

When a user reports clicking a suspicious link, time is critical because any malware that was downloaded may already be executing and establishing persistence. My log analysis investigation would follow a systematic approach, working through multiple data sources to build a…

phishing investigation, email gateway logs, proxy logs, DNS logs, EDR logs, credential theft
