Let us look at the response to a malware alert. First, a Security Operations Center $($SOC$)$ Analyst receives an alert of anomalous behavior at a workstation. Since the alert is for only one workstation, the SOC Analyst triages the event. Further investigation shows that the alert was for behavior by a known user that did not pose a threat to the organization.

At this point, what happens with the incident response plan?$$Will it continue or should it be terminated?