Your company has recently experienced a security incident, and you need to determine the metrics and thresholds that should generate alerts. Which of the following is NOT a valid metric or threshold to consider?