What are the basic steps for investigating a compromised endpoint or a suspicious network spike at Moody's?