Explanation (cloud triage at scale):
Cloud environments generate massive telemetry across services, accounts, regions, and tenants. The limiting factor is not “more logs,” but correlation and prioritization: connecting identity events, network flows, workload behaviors, API calls, and configuration changes into a coherent incident timeline and severity assessment. Automation/orchestration (A) supports rapid triage by correlating alerts, deduplicating noise, enriching with context (asset criticality, ownership, exposure), and driving consistent playbook actions (ticket creation, isolation steps, snapshotting, token revocation) with approvals.
(B) may be overbroad and can create major outages and contractual harm; it’s containment without validated scope. (C) is premature; customer communication should be accurate and proportional, usually after initial scoping and legal review. (D) is the opposite of best practice—third-party logs can be essential (EDR, CASB, SIEM, SaaS audit logs).
So (A) is the best first step because it makes triage fast, consistent, and scalable, which is exactly what you need when log volume is the main operational barrier.
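As an added illustration (not part of the original explanation), the sketch below shows the triage steps described for (A): deduplicating noise, correlating alerts from different telemetry sources into one incident timeline, enriching with asset context, and proposing playbook actions that wait for approval. The alert fields, asset records, scoring formula, and threshold are all assumptions made up for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry); field names are assumptions.
ALERTS = [
    {"id": "a1", "source": "idp", "rule": "impossible_travel", "principal": "svc-build", "asset": "acct-prod", "ts": "2024-05-01T10:00:00"},
    {"id": "a2", "source": "idp", "rule": "impossible_travel", "principal": "svc-build", "asset": "acct-prod", "ts": "2024-05-01T10:02:00"},
    {"id": "a3", "source": "cloud_api", "rule": "new_access_key", "principal": "svc-build", "asset": "acct-prod", "ts": "2024-05-01T10:05:00"},
    {"id": "a4", "source": "netflow", "rule": "egress_spike", "principal": "svc-build", "asset": "acct-prod", "ts": "2024-05-01T10:09:00"},
    {"id": "a5", "source": "edr", "rule": "port_scan", "principal": "dev-alice", "asset": "acct-sandbox", "ts": "2024-05-01T10:03:00"},
]
# Constructed enrichment context: criticality 1-5, owner, internet exposure.
ASSETS = {
    "acct-prod": {"criticality": 5, "owner": "payments", "exposed": True},
    "acct-sandbox": {"criticality": 1, "owner": "dev-tools", "exposed": False},
}
ISOLATE_THRESHOLD = 10  # assumed cut-off for proposing containment steps

def dedupe(alerts, window=timedelta(minutes=5)):
    """Drop repeats of the same (source, rule, principal, asset) inside the window."""
    last_seen, kept = {}, []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["source"], a["rule"], a["principal"], a["asset"])
        ts = datetime.fromisoformat(a["ts"])
        if key not in last_seen or ts - last_seen[key] > window:
            kept.append(a)
        last_seen[key] = ts
    return kept

def triage(alerts, assets):
    """Correlate by (principal, asset), enrich, score, and propose playbook steps."""
    groups = defaultdict(list)
    for a in dedupe(alerts):
        groups[(a["principal"], a["asset"])].append(a)
    incidents = []
    for (principal, asset), items in groups.items():
        ctx = assets.get(asset, {"criticality": 1, "owner": "unknown", "exposed": False})
        sources = sorted({a["source"] for a in items})
        # Agreement across independent telemetry sources outweighs raw alert count.
        score = len(sources) * ctx["criticality"] + (2 if ctx["exposed"] else 0)
        actions = ["create_ticket"]
        if score >= ISOLATE_THRESHOLD:  # disruptive steps are queued for approval
            actions += ["snapshot:needs_approval", "revoke_tokens:needs_approval"]
        incidents.append({"principal": principal, "asset": asset, "owner": ctx["owner"],
                          "sources": sources, "timeline": [a["id"] for a in items],
                          "score": score, "actions": actions})
    return sorted(incidents, key=lambda i: i["score"], reverse=True)
```

Calling `triage(ALERTS, ASSETS)` ranks the production-account incident first because three independent sources corroborate it, while the single sandbox alert only opens a ticket.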