I want to discuss a scenario wherein a server in the DMZ got compromised and I need to do the forensics using only enVision. What would be the probable steps?
I suggest you use the RSA enVision Event Explorer to retrieve the logs of the compromised server (the logs collected by enVision), and from there you can start doing the forensics to determine how the server got compromised.
I hope this helps.