Check correlation search health, RBA activity, log ingestion, and visibility gaps
Investigative SPLs, anomaly detection, TTPs, and suspicious behavior analysis