What would your approach be to root cause analysis for an alert that originated from exposed RDP or vulnerability exploitation at Vectra AI?