Decision support is how we use tech to enable our SOC analysts to answer the right questions about a security event in an easy way. It's also a key component of how we make sure our analysts aren't oversubscribed. At Expel, decision support is made up of four key components: automation, contextual enrichment (especially important in the era of cloud automation), investigation orchestration, and user interface attributes.

and user interface attributes are key to SOC efficiency. The time it takes to investigate and report suspicious login activity by 75 percent between October 2019 and March 2020.
Source: https://expel.io/blog/spotting-suspicious-logins-at-scale/

