Spotting compromises via unusual outbound connections, privilege escalation, or abnormal process ancestry falls under which activity?


Multiple Choice

Spotting compromises via unusual outbound connections, privilege escalation, or abnormal process ancestry falls under which activity?

Explanation:
Spotting compromises through unusual outbound connections, privilege escalation, or abnormal process ancestry is about detecting signs of adversary activity in a system. These are classic indicators of compromise that security teams monitor in order to identify malicious behavior. Unusual outbound connections can signal command-and-control traffic or data exfiltration; privilege escalation shows an attacker trying to gain higher access; and abnormal process ancestry reveals a suspicious process lineage that may indicate malware or process injection. By applying detection analytics, SIEM/EDR alerts, and threat-hunting techniques, defenders identify these patterns as malicious activity and begin investigation and response. In contrast, eradication is the cleanup performed after a threat is confirmed, governance covers policy and risk management, and data retention concerns how long logs are kept, not the live identification of threats.