How do you identify patterns in reported compromises and determine whether additional compromises are part of the same incident?