{"id":367,"date":"2025-10-23T09:15:55","date_gmt":"2025-10-23T09:15:55","guid":{"rendered":"https:\/\/logsmith.io\/?p=367"},"modified":"2025-10-23T09:15:56","modified_gmt":"2025-10-23T09:15:56","slug":"the-cost-of-crying-wolf","status":"publish","type":"post","link":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/","title":{"rendered":"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><strong>Introduction<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s not the alerts you miss that break a SOC \u2014 it\u2019s the <em>thousands you never should have seen in the first place.<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">False positives eat up analyst time, erode trust in the tooling, and slowly kill detection strategies from the inside out.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The worst part? Most of them are entirely avoidable.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><strong>How False Positives Happen<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s call it out: false positives usually come from rushed or misaligned detection logic \u2014 rules built without:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Asset awareness<\/li>\n\n\n\n<li>Suppression logic<\/li>\n\n\n\n<li>Realistic thresholds<\/li>\n\n\n\n<li>Contextual enrichment<\/li>\n<\/ul>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">We\u2019ve all seen it:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<ul class=\"wp-block-list\">\n<li>A \u201csuspicious login\u201d from a known admin<\/li>\n\n\n\n<li>A \u201ccritical vulnerability\u201d alert\u2026 from a printer<\/li>\n\n\n\n<li>A \u201clateral movement\u201d detection on an air-gapped box<\/li>\n<\/ul>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Every one of these eats up analyst minutes \u2014 and multiplies across a noisy system.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><strong>The Real Impact<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\ud83d\udd25 Burnout<br>\ud83e\udd16 Automation mistrust<br>\ud83d\udcc9 Leadership loses confidence<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Analysts <em>stop investigating real alerts<\/em> because they&#8217;ve been trained to ignore the console. That\u2019s how breaches happen.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><strong>Fixes That Work<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u2705 Suppression based on historical patterns<br>\u2705 Logic that says <em>\u201conly trigger if X + Y + Z\u201d<\/em><br>\u2705 External context: identity, business role, asset criticality<br>\u2705 Use of <strong>macros<\/strong> to isolate noise-generating index sources<br>\u2705 Detection-as-code processes that allow version control and review<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Start simple: audit your <strong>Top 10 Noisiest Rules<\/strong>.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">If they\u2019ve never resulted in escalation or meaningful triage in the last 30 days \u2014 fix them, or kill them.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><strong>Final Word<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">False positives are expensive. They waste time. They dull sharp teams.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A good detection engineer doesn\u2019t just <em>write new rules<\/em>.<br>They <strong>ruthlessly cut the ones that shouldn\u2019t exist.<\/strong><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Introduction It\u2019s not the alerts you miss that break a SOC \u2014 it\u2019s the thousands you never should have seen&#8230; <\/p>\n<div class=\"art-el-more\"><a href=\"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/\" class=\"art-link art-color-link art-w-chevron\">Read more<\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"iawp_total_views":28,"footnotes":""},"categories":[27],"tags":[29,30,36,31],"class_list":["post-367","post","type-post","status-publish","format-standard","hentry","category-insights","tag-alert-fatigue","tag-detection-engineering","tag-insight","tag-splunk-es"],"acf":[],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"Introduction It\u2019s not the alerts you miss that break a SOC \u2014 it\u2019s the thousands you never should have seen in the first place. False positives eat up analyst time, erode trust in the tooling, and slowly kill detection strategies from the inside out. The worst part? Most of them are entirely avoidable. How False\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"stebutty\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"LogSmith -\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC - LogSmith\" \/>\n\t\t<meta property=\"og:description\" content=\"Introduction It\u2019s not the alerts you miss that break a SOC \u2014 it\u2019s the thousands you never should have seen in the first place. False positives eat up analyst time, erode trust in the tooling, and slowly kill detection strategies from the inside out. The worst part? Most of them are entirely avoidable. How False\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2025-10-23T09:15:55+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2025-10-23T09:15:56+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC - LogSmith\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Introduction It\u2019s not the alerts you miss that break a SOC \u2014 it\u2019s the thousands you never should have seen in the first place. False positives eat up analyst time, erode trust in the tooling, and slowly kill detection strategies from the inside out. The worst part? Most of them are entirely avoidable. How False\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/2025\\\/10\\\/23\\\/the-cost-of-crying-wolf\\\/#blogposting\",\"name\":\"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC - LogSmith\",\"headline\":\"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC\",\"author\":{\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/author\\\/stebutty\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/logsmith.io\\\/#organization\"},\"datePublished\":\"2025-10-23T09:15:55+00:00\",\"dateModified\":\"2025-10-23T09:15:56+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/2025\\\/10\\\/23\\\/the-cost-of-crying-wolf\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/2025\\\/10\\\/23\\\/the-cost-of-crying-wolf\\\/#webpage\"},\"articleSection\":\"Insights, Alert Fatigue, Detection Engineering, insight, Splunk ES\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/2025\\\/10\\\/23\\\/the-cost-of-crying-wolf\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/logsmith.io#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/logsmith.io\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/category\\\/insights\\\/#listItem\",\"name\":\"Insights\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/category\\\/insights\\\/#listItem\",\"position\":2,\"name\":\"Insights\",\"item\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/category\\\/insights\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/2025\\\/10\\\/23\\\/the-cost-of-crying-wolf\\\/#listItem\",\"name\":\"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/logsmith.io#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/2025\\\/10\\\/23\\\/the-cost-of-crying-wolf\\\/#listItem\",\"position\":3,\"name\":\"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/category\\\/insights\\\/#listItem\",\"name\":\"Insights\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/#organization\",\"name\":\"LogSmith\",\"url\":\"https:\\\/\\\/logsmith.io\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/author\\\/stebutty\\\/#author\",\"url\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/author\\\/stebutty\\\/\",\"name\":\"stebutty\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/2025\\\/10\\\/23\\\/the-cost-of-crying-wolf\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e1dba347d57277353b989e49264b8b013fe6eed788c3370ebda5270222c5eefb?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"stebutty\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/2025\\\/10\\\/23\\\/the-cost-of-crying-wolf\\\/#webpage\",\"url\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/2025\\\/10\\\/23\\\/the-cost-of-crying-wolf\\\/\",\"name\":\"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC - LogSmith\",\"description\":\"Introduction It\\u2019s not the alerts you miss that break a SOC \\u2014 it\\u2019s the thousands you never should have seen in the first place. False positives eat up analyst time, erode trust in the tooling, and slowly kill detection strategies from the inside out. The worst part? Most of them are entirely avoidable. How False\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/logsmith.io\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/2025\\\/10\\\/23\\\/the-cost-of-crying-wolf\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/author\\\/stebutty\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/logsmith.io\\\/index.php\\\/author\\\/stebutty\\\/#author\"},\"datePublished\":\"2025-10-23T09:15:55+00:00\",\"dateModified\":\"2025-10-23T09:15:56+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/logsmith.io\\\/#website\",\"url\":\"https:\\\/\\\/logsmith.io\\\/\",\"name\":\"LogSmith\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/logsmith.io\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC - LogSmith","description":"Introduction It\u2019s not the alerts you miss that break a SOC \u2014 it\u2019s the thousands you never should have seen in the first place. False positives eat up analyst time, erode trust in the tooling, and slowly kill detection strategies from the inside out. The worst part? Most of them are entirely avoidable. How False","canonical_url":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/#blogposting","name":"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC - LogSmith","headline":"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC","author":{"@id":"https:\/\/logsmith.io\/index.php\/author\/stebutty\/#author"},"publisher":{"@id":"https:\/\/logsmith.io\/#organization"},"datePublished":"2025-10-23T09:15:55+00:00","dateModified":"2025-10-23T09:15:56+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/#webpage"},"isPartOf":{"@id":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/#webpage"},"articleSection":"Insights, Alert Fatigue, Detection Engineering, insight, Splunk ES"},{"@type":"BreadcrumbList","@id":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/logsmith.io#listItem","position":1,"name":"Home","item":"https:\/\/logsmith.io","nextItem":{"@type":"ListItem","@id":"https:\/\/logsmith.io\/index.php\/category\/insights\/#listItem","name":"Insights"}},{"@type":"ListItem","@id":"https:\/\/logsmith.io\/index.php\/category\/insights\/#listItem","position":2,"name":"Insights","item":"https:\/\/logsmith.io\/index.php\/category\/insights\/","nextItem":{"@type":"ListItem","@id":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/#listItem","name":"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC"},"previousItem":{"@type":"ListItem","@id":"https:\/\/logsmith.io#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/#listItem","position":3,"name":"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC","previousItem":{"@type":"ListItem","@id":"https:\/\/logsmith.io\/index.php\/category\/insights\/#listItem","name":"Insights"}}]},{"@type":"Organization","@id":"https:\/\/logsmith.io\/#organization","name":"LogSmith","url":"https:\/\/logsmith.io\/"},{"@type":"Person","@id":"https:\/\/logsmith.io\/index.php\/author\/stebutty\/#author","url":"https:\/\/logsmith.io\/index.php\/author\/stebutty\/","name":"stebutty","image":{"@type":"ImageObject","@id":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/e1dba347d57277353b989e49264b8b013fe6eed788c3370ebda5270222c5eefb?s=96&d=mm&r=g","width":96,"height":96,"caption":"stebutty"}},{"@type":"WebPage","@id":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/#webpage","url":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/","name":"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC - LogSmith","description":"Introduction It\u2019s not the alerts you miss that break a SOC \u2014 it\u2019s the thousands you never should have seen in the first place. False positives eat up analyst time, erode trust in the tooling, and slowly kill detection strategies from the inside out. The worst part? Most of them are entirely avoidable. How False","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/logsmith.io\/#website"},"breadcrumb":{"@id":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/#breadcrumblist"},"author":{"@id":"https:\/\/logsmith.io\/index.php\/author\/stebutty\/#author"},"creator":{"@id":"https:\/\/logsmith.io\/index.php\/author\/stebutty\/#author"},"datePublished":"2025-10-23T09:15:55+00:00","dateModified":"2025-10-23T09:15:56+00:00"},{"@type":"WebSite","@id":"https:\/\/logsmith.io\/#website","url":"https:\/\/logsmith.io\/","name":"LogSmith","inLanguage":"en-US","publisher":{"@id":"https:\/\/logsmith.io\/#organization"}}]},"og:locale":"en_US","og:site_name":"LogSmith -","og:type":"article","og:title":"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC - LogSmith","og:description":"Introduction It\u2019s not the alerts you miss that break a SOC \u2014 it\u2019s the thousands you never should have seen in the first place. False positives eat up analyst time, erode trust in the tooling, and slowly kill detection strategies from the inside out. The worst part? Most of them are entirely avoidable. How False","og:url":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/","article:published_time":"2025-10-23T09:15:55+00:00","article:modified_time":"2025-10-23T09:15:56+00:00","twitter:card":"summary_large_image","twitter:title":"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC - LogSmith","twitter:description":"Introduction It\u2019s not the alerts you miss that break a SOC \u2014 it\u2019s the thousands you never should have seen in the first place. False positives eat up analyst time, erode trust in the tooling, and slowly kill detection strategies from the inside out. The worst part? Most of them are entirely avoidable. How False"},"aioseo_meta_data":{"post_id":"367","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":{"faqs":[],"keyPoints":[],"titles":[],"descriptions":[],"socialPosts":{"email":[],"linkedin":[],"twitter":[],"facebook":[],"instagram":[]}},"created":"2025-10-23 09:15:56","updated":"2025-10-23 09:15:57","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/logsmith.io\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/logsmith.io\/index.php\/category\/insights\/\" title=\"Insights\">Insights<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tThe Cost of Crying Wolf: Why False Positives Are Killing Your SOC\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/logsmith.io"},{"label":"Insights","link":"https:\/\/logsmith.io\/index.php\/category\/insights\/"},{"label":"The Cost of Crying Wolf: Why False Positives Are Killing Your SOC","link":"https:\/\/logsmith.io\/index.php\/2025\/10\/23\/the-cost-of-crying-wolf\/"}],"_links":{"self":[{"href":"https:\/\/logsmith.io\/index.php\/wp-json\/wp\/v2\/posts\/367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/logsmith.io\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/logsmith.io\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/logsmith.io\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/logsmith.io\/index.php\/wp-json\/wp\/v2\/comments?post=367"}],"version-history":[{"count":1,"href":"https:\/\/logsmith.io\/index.php\/wp-json\/wp\/v2\/posts\/367\/revisions"}],"predecessor-version":[{"id":368,"href":"https:\/\/logsmith.io\/index.php\/wp-json\/wp\/v2\/posts\/367\/revisions\/368"}],"wp:attachment":[{"href":"https:\/\/logsmith.io\/index.php\/wp-json\/wp\/v2\/media?parent=367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/logsmith.io\/index.php\/wp-json\/wp\/v2\/categories?post=367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/logsmith.io\/index.php\/wp-json\/wp\/v2\/tags?post=367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}