A new offense has been observed in QRadar SIEM. Based on the limited amount of captured netflow data the analyst cannot come to a conclusive result. By initiating a full incident forensics investigation with QRadar Incident Forensics the analyst is able to uncover several suspicious activities involving emails and extensive chat.