Top 3 Causes of Noisy SIEM Rules


 

The only thing as bad as a rule that doesn’t fire when it should is a rule that fires when it shouldn’t. It’s like the boy who cried ‘wolf’: noisy detections lead to alert fatigue which, according to a report conducted by International Data Corporation (IDC), results in complacency on the SOC team.

This research summary lists the top 3 causes of noisy detection rules in your SIEM, followed by 5 best practices to help you minimize that noise. Following the list is a description of how AI + automation can help enhance the effectiveness and efficiency of your SIEM and operationalize MITRE ATT&CK in your SOC.
