That Escalated Quickly: An ML Framework for Alert Prioritization. (arXiv:2302.06648v1 [cs.CR])
cs.CR updates on arXiv.org
In place of in-house solutions, organizations are increasingly moving towards
managed services for cyber defense. Security Operations Centers are specialized
cybersecurity units responsible for the defense of an organization, but the
large-scale centralization of threat detection is causing SOCs to endure an
overwhelming amount of false positive alerts -- a phenomenon known as alert
fatigue. Large collections of imprecise sensors, an inability to adapt to known
false positives, evolution of the threat landscape, and inefficient use of
analyst time all …