Eliminating Alert Fatigue: Reducing False Positives Through Better Engineering

Thu, 02 Jul 2020 @ 15:25:00

False positive alerts are the bane of blue teams everywhere. Countless hours are lost as Security Operations Center analysts attempt to separate the wheat from the alert chaff to find the real indicators of an attack. Reducing FPs is thus a critical goal for any security platform. Yet reducing FPs at the expense of missing the signs of an actual threat invites disaster. The solution to this conundrum lies in better engineering: building the right tools to accurately assess alerts at scale.