# Detection and analysis ## Event vs incident vs breach ## Use of logs, SIEM, alerts ## Triaging and prioritisation