How do you analyze logs, isolate compromised assets, and document post-mortem reports after an incident at BASF?