"The majority of SOC teams are overworked & under-appreciated. Generally, they get flooded with alerts. There aren't enough human beings or resources to deal with the volume of alerts.
So teams will 'turn down' their SIEM solutions so that they can deal with a realistic volume.
The downside is that you're going to miss alerts you should deal with & you're going to get a lot of false positives."
Stephen Creedon shares a highly popular Tines workflow to do the opposite: turn your SIEM (Elastic) up to 100 and let smart, secure workflows built by you & powered by Tines take care of the analysis for you.
Smart, secure workflows for your whole team. The world's best companies, from startups to the Fortune 10, trust Tines to powerfully manage their mission-critical workflows, automatically responding to and remediating alerts in real time.…