It would be helpful to know if the alert is EDR or MDR, and impacted computer/user and status (isolated for example) to better know what level of effort we should be performing.