SOC Alert Triage Automation

A SOC-focused workflow to reduce alert fatigue through enrichment, risk scoring, and suppression logic.
Workflow SOC untuk menekan alert fatigue melalui enrichment, risk scoring, dan suppression yang terkontrol.

High false-positive volume delayed response to critical incidents and overloaded analyst queues.
Volume false positive yang tinggi menunda respons insiden kritis dan membebani antrean analis.

Implemented IOC enrichment, severity scoring, and low-value alert suppression integrated with playbook automation.
Menerapkan enrichment IOC, scoring tingkat risiko, dan suppression alert bernilai rendah yang terintegrasi playbook otomatis.

Alert noise reduced by 57% and median response time improved from 2h20m to 58m within one quarter.
Noise alert turun 57% dan median response time meningkat dari 2 jam 20 menit menjadi 58 menit dalam satu kuartal.