Noise Pollution is Damaging Your SOC: Prevent IoCs From Turning Into Indication of Cacophony

Joey D

NorthSec 2025 · Day 2 · Salle de bal

Joey D, team lead of a detection engineering team at the Canadian Centre for Cyber Security (CCCS), argues that alert fatigue in Security Operations Centres is not just a tooling problem — it is a data quality and context problem. Using Windows Delivery Optimization (port 7680) as a concrete case study, he demonstrates how a well-framed "20-20" knowledge base entry turns a panic-inducing Friday-afternoon critical alert into a routine triage in under twenty seconds.

---

AI review

CCCS detection engineering team lead uses Windows Delivery Optimization (port 7680) as a case study to argue that SOC alert fatigue is a documentation problem, not just a tooling problem — and proposes the '20-20 knowledge base' as the unit of detection quality.
