Pro tip for network & system admins... If you have a load balancer set up in front of your web-facing servers (like OWA, etc), please consider enabling the X-Forwarded-For header to make log analysis easier during the inevitable IR. This header captures the actual source IP of the request and passes it to the backend server, despite the traffic appearing to come from the load balancer's IP. #infosec #DFIR