An engineer discovered a breach, identified the threat’s entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

A.	Recover from the threat.
B.	Analyze the threat.
C.	Identify lessons learned from the threat.
D.	Reduce the probability of similar threats.