When observing the data crossing your networks or in your log files, you can determine if there was an actual attack.
Not all abnormalities are signs of an attack.