From helpnetsecurity.com
Consider this scenario: Morgan, a level 3 security analyst, arrives to a twelve-hour security operations center (SOC) shift and finds a message that a network sensor is offline. Morgan’s first hour is spent troubleshooting the sensor and bringing it back online before even beginning the workday. The next four hours of the shift is spent repeating a task Morgan has done each day for the last three weeks: tuning their new behavioral-based security solution so that it doesn’t generate countless inaccurate alerts.