Detection and Response in the Cloud

legacy systems have been over peoting on detection and then detection and response, right? It's only lately that we realize that the big pandora box in the sark is not the detection or there, its actually the triage and investigation. So i agree that we've gotten better at understanding a day in the life of the analyst and building tools to support them at each stage of the journey. But how's that different in cloud? So in the cloud, wat dos that mean? Again, when you go back to the daa collection, you likely need a different collection mechanism. On prime, its about getting si log, opening that and you just receive sis log. In the