You receive an alert that a workstation is reaching out to a known malicious IP address. What are your immediate next steps?