Someone has violated corporate policy by watching porn using the corp PC. Do you have the authority?
Nearly all IP (intellectual property) are recreated by a competitor. Investigate the development machine
Running netstat, see the weird python script with established connection to some remote host: Grab the executable: lsof -p 2082 and ps aux grep 2082.
Compromised Apache Web server with drupal application used for local team. There was some unusual activity noticed between 05/10 and 08/10/19.
IP theft and Kali Linux is a suspect. Has the user exfiltrated pictures or documents?