I will actually use the company that I work for. I see Product Bug Reports come in all
the time for DevOps that are from the security team asking for DevOps to block
specific IP Addresses because of Malicious Activity. This action that they are
pointing out is an incident detection precursor. The security team constantly
monitors system and firewall logs and determines precursors. As far as I know, they
have never determined an indicator.
I do know that we have scrubbed a lot of data because of changing laws and best
practices. These change requests came from the security team, which is apparently
doing their jobs very well
