  • Question 1

    An analyst would like to visualize threat objects across their environment and chronological risk events for a Risk Object in Incident Review. Where would they find this?
  • Question 2

    An adversary uses "LoudWiner" to hijack resources for crypto mining. What does this represent in a TTP framework?
  • Question 3

    An analyst is looking at web server logs and sees the following entry as the last web request that a server processed before unexpectedly shutting down:
    [51.125.121.100 - [28/01/2006:10:27:10 -0300] "POST /cgi-bin/shurdown/ HTTP/1.0" 200 3304]
    What kind of attack is most likely occurring?
  • Question 4

    An analyst notices that one of their servers is sending an unusually large amount of traffic, gigabytes more than normal, to a single system on the Internet. There doesn't seem to be any associated increase in incoming traffic.
    What type of threat actor activity might this represent?
  • Question 5

    Which dashboard in Enterprise Security would an analyst use to generate a report on users who are currently on a watchlist?