Just a reminder to keep calm even when it feels like every system around you is crashing down to the ground.
Keep a level head and calmly review the log data available, only ruling an event out when the evidence backs it up.
If you don’t have the necessary logs available, use the incident to gain management approval to invest in the necessary logging infrastructure. It probably doesn’t even have to be expensive. Just the cost of some decent hardware and a good networked installation of SecurityOnion. (A Snort Talos subscription would also help, and they aren’t expensive, either…)
Most of the time, things aren’t really as bad as they seem, but if they are, you’ll be well served to keep a level head as you work through the issue.