How do you approach the incident response lifecycle from detection and triage to containment and eradication?