🧪
Knowledge Challenge
A friend thinks you can answer this question about Security Orchestration Automation
Your SOC handles 8,000 alerts/day with 12 analysts. SIEM tuning is poor — false positive rate is ~85%. The CISO wants to deploy SOAR for $600K to recover analyst time. What's the right sequencing?