I have an RSA netwitness with no incidents or alerts. I want to get an incident only from logs so that I can test that incident. As example, I need to simulate an attack to my server, as for web server. And, I will have WAF or Firewall that will send logs to RSA NW Log decoder. What I want to ask is what kind of attacks do I need to make in order to pop up incident.