Exploration should include
vulnerability scan output
security information and event management (SIEM) dashboards
log files
network device logs
system logs
application logs
security logs
web server logs
DNS logs
log retention
NetFlow/sFlow.