When a cyberattack occurs, the SOC acts as the digital front line, responding forcefully to the security incident while also minimizing the impact on business operations. Since SOC resources are limited, we need to maintain a delicate balance on our analysts making sure we are not overloading them with incidents. In Sentinel we are constantly thinking of ways to improve SOC performance, reduce false positives, and drive down MTTR as low as possible. In our example, our SOC has several low-severity rules as a part of the mix. Each of the low-severity rules can create alerts and incidents that we want to make sure are not overloading the SOC.