Glossary

Alert Fatigue

Alert fatigue is the condition where SOC analysts become desensitized to security alerts because the signal-to-noise ratio is too low. When most alerts are false positives or low-severity, analysts start skipping, batching, or dismissing them — which is exactly when a real attack slips through. Alert fatigue is a leading driver of SOC analyst burnout.

In depth

Alert fatigue compounds. Once an analyst learns that 95% of CrowdStrike alerts from a particular tenant are noise, the cognitive cost of investigating each one rises, and the careful triage that catches the 5% that are real degrades. The fix is usually some combination of tuning detections at the source, escalation thresholds, on-call rotation discipline, and tooling that reduces the friction of dismissing a confirmed false positive.
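As an added illustration of "tuning at the source" (example code written for this entry, not PocketSOC's or any vendor's; the rule names, tenants and analyst verdicts are constructed), the snippet below computes precision per rule and per tenant from triage outcomes and flags only high-volume, low-precision scopes for tuning, so a rule that is noise in one tenant is not muted where it is catching real activity.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    rule: str      # detection rule / alert name (hypothetical)
    tenant: str    # tenant the alert came from (hypothetical)
    verdict: str   # analyst outcome: "tp" (true positive) or "fp" (false positive)


# Constructed triage history: one rule is 95% noise in tenant-a but
# mostly real in tenant-b, which is the case a global suppression would get wrong.
TRIAGE_LOG = (
    [Alert("suspicious_powershell", "tenant-a", "fp")] * 19
    + [Alert("suspicious_powershell", "tenant-a", "tp")]
    + [Alert("suspicious_powershell", "tenant-b", "tp")] * 3
    + [Alert("suspicious_powershell", "tenant-b", "fp")]
    + [Alert("credential_dumping", "tenant-a", "tp")] * 4
    + [Alert("new_admin_account", "tenant-a", "fp")] * 2
)


def precision_by_rule_and_tenant(alerts):
    """Return {(rule, tenant): (total, true_positives, precision)}."""
    counts = defaultdict(lambda: [0, 0])
    for a in alerts:
        counts[(a.rule, a.tenant)][0] += 1
        if a.verdict == "tp":
            counts[(a.rule, a.tenant)][1] += 1
    return {key: (n, tp, tp / n) for key, (n, tp) in counts.items()}


def tuning_recommendations(stats, min_precision=0.2, min_volume=10):
    """Recommend an action per (rule, tenant) scope.

    Only scopes with enough volume for the precision estimate to mean something
    are flagged; a rare-but-real detection is never muted on two data points.
    """
    recs = {}
    for scope, (n, _tp, precision) in stats.items():
        if n < min_volume:
            recs[scope] = "insufficient data: keep as-is"
        elif precision < min_precision:
            recs[scope] = "tune at source: add tenant-scoped exclusion or raise threshold"
        else:
            recs[scope] = "healthy: keep"
    return recs


if __name__ == "__main__":
    for scope, action in tuning_recommendations(precision_by_rule_and_tenant(TRIAGE_LOG)).items():
        print(scope, "->", action)
```

Feeding the recommendations back into the detection platform as tenant-scoped exclusions, rather than disabling the rule outright, is what keeps the 5% of real alerts from disappearing along with the noise.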

Alert Fatigue and PocketSOC

PocketSOC contributes to fighting alert fatigue by letting analysts dismiss obvious false positives quickly from a phone — without the 5-10 minute laptop / VPN / console boot cycle that adds friction to every triage decision. Faster benign-alert dismissal means the real ones get the attention they deserve.

SOC

A Security Operations Center (SOC) is the team and facility responsible for continuously monitoring an organization's security posture.

MTTR

Mean Time to Respond (MTTR) is the average elapsed time between when a security alert is generated and when the SOC takes a meaningful response action.

False Positive

A false positive is a security alert that fires for behavior that turns out not to be malicious.