No, SOAR tools make life pretty easy. 5-person SOC team + boss, 700-person org. Not overstaffed.
I get a few alerts every few hours. Investigate, determine if false positive, and go back to gaming. Unless it’s the off chance it’s not a false positive. Then I do an hour of work or so. Then back to gaming.