Reports on recent Target and Neiman Marcus breaches have indicated numerous alerts fired as a result of intrusion activity. But the alerts were not properly handled, allowing system compromises to go undetected. Today’s threats require intelligent, targeted, incisive alert logic to extract activity of concern while minimizing false positives. Here are seven tips that have worked well for me throughout my career: Go for the “Money Shot,” use correlation, focus alerting technologies selectively. Prioritization is one of the greatest tools a security team can utilize.
Source: https://www.darkreading.com/analytics/7-tips-to-improve-signal-to-noise-in-the-soc
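The excerpt above argues for correlation and prioritization as the way to pull real intrusion activity out of a flood of individually weak alerts. As an added illustration, not code from the Dark Reading article or its author, the Python below shows the minimal version of that correlation step: raw alerts are grouped per host inside a time window, each distinct rule that fired contributes a weight, and a single prioritized incident is emitted only when the combined weight of at least two distinct rules crosses a threshold. The hosts, rule names, weights, timestamps, window size and threshold are all constructed for the example; real values would come from your own SIEM and tuning.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample alerts (not from the article). Each tuple is one raw
# alert as a SIEM might emit it: (timestamp, host, rule, weight). Most are
# low-value noise on their own; only the cluster on host "ws-17" forms the
# kind of intrusion sequence (dropper quarantined, new service, beaconing,
# bulk egress) that merits paging a human.
RAW_ALERTS = [
    ("2014-02-01T09:00:05", "ws-03", "av_quarantine", 1),
    ("2014-02-01T09:01:10", "ws-17", "av_quarantine", 1),
    ("2014-02-01T09:02:30", "ws-17", "new_service_installed", 3),
    ("2014-02-01T09:04:45", "ws-17", "outbound_to_rare_domain", 3),
    ("2014-02-01T09:06:00", "ws-17", "large_outbound_transfer", 4),
    ("2014-02-01T09:10:00", "ws-22", "outbound_to_rare_domain", 3),
    ("2014-02-01T13:40:00", "ws-03", "av_quarantine", 1),
    ("2014-02-01T14:00:00", "ws-22", "av_quarantine", 1),
]


@dataclass
class Alert:
    ts: datetime
    host: str
    rule: str
    weight: int


def parse(raw):
    """Turn the raw (ts, host, rule, weight) tuples into Alert objects."""
    return [Alert(datetime.fromisoformat(ts), host, rule, w) for ts, host, rule, w in raw]


def correlate(alerts, window=timedelta(minutes=15), threshold=8):
    """Correlate raw alerts into incidents, one per host per burst.

    For each host, walk the alerts in time order. Starting at each alert,
    collect everything on that host within `window`; each distinct rule in
    the cluster contributes its (maximum) weight once, so a rule that fires
    ten times does not outscore a chain of different rules. An incident is
    emitted only when at least two distinct rules fire and their combined
    weight reaches `threshold`; the scan then skips past that burst so the
    same activity is not reported again. Incidents come back highest score
    first, which is the prioritization order an analyst would work.
    """
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host[a.host].append(a)

    incidents = []
    for host, evs in by_host.items():
        i = 0
        while i < len(evs):
            start = evs[i]
            cluster = [e for e in evs[i:] if e.ts - start.ts <= window]
            rules = {}
            for e in cluster:
                rules[e.rule] = max(rules.get(e.rule, 0), e.weight)
            score = sum(rules.values())
            if len(rules) >= 2 and score >= threshold:
                incidents.append({
                    "host": host,
                    "score": score,
                    "rules": sorted(rules),
                    "first": start.ts,
                    "last": cluster[-1].ts,
                })
                i += len(cluster)  # advance past this burst
            else:
                i += 1
    return sorted(incidents, key=lambda inc: -inc["score"])


def signal_to_noise(raw):
    """Return (raw alert count, incident count) for a batch of raw alerts."""
    incidents = correlate(parse(raw))
    return len(raw), len(incidents)


if __name__ == "__main__":
    raw_count, incident_count = signal_to_noise(RAW_ALERTS)
    print(f"{raw_count} raw alerts -> {incident_count} incident(s)")
    for inc in correlate(parse(RAW_ALERTS)):
        print(inc["host"], inc["score"], inc["rules"], inc["first"], inc["last"])
```

With the constructed data, eight raw alerts collapse to one incident on ws-17 with score 11, while the isolated quarantine and rare-domain hits on ws-03 and ws-22 never reach an analyst. The two knobs that matter in practice are the window (too short and slow-moving intrusions never correlate) and the distinct-rule requirement (without it, a noisy single rule inflates its way to the threshold).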

