A security analyst is reviewing the logs from an intrusion detection system (IDS) and needs to correlate these logs with network traffic to understand the scope of a suspected breach. Which of the following will provide the MOST useful information for correlating the time of the suspicious IDS alerts with the network traffic captured?
Device configuration settings from the network management system
User account changes logged in the authentication server records
Application error messages captured by the system's event logs
Traffic flow metadata collected from network devices such as switches and routers