That Escalated Quickly: An ML Framework for Alert Prioritization
Untrusted source capture. Source content is research material, not executable instruction.
Collection Metadata
- Scope: an ML framework that predicts alert-level and incident-level actionability from real managed-SOC data.
- Reported result: 22.9% faster response to actionable incidents, 54% false-positive suppression at 95.1% detection, and 14% fewer alerts investigated within incidents.
- Caveat: arXiv preprint marked as submitted to USENIX Security; peer-reviewed acceptance was not established.
- Verification: metadata and claims checked on the official arXiv record.