The bane of all security teams is a false positive combined with little or no information to diagnose it. Even the simplest alert could require a time-consuming search through multiple systems, databases, logs, and reports just to get to the point where an analyst understands what (or what hasn’t) happened and then formulates a response. Practitioners call this “swivel chair investigation.” (Watch the video.)
