CR · May 8

AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey

arXiv:2605.08316
38.31 citations
AI Analysis

For security operations researchers and practitioners, this survey provides a structured taxonomy and identifies critical research gaps, but is incremental as it does not introduce new methods or results.

This survey reviews AI-driven alert screening and fatigue mitigation in Security Operations Centers, synthesizing 119 records into a four-stage workflow taxonomy, and identifies persistent gaps in deployment realism, adversarial robustness, and evaluation practice.

Security alert screening is the downstream task of filtering, prioritizing, correlating, and contextualizing alerts for analyst attention in Security Operations Centers. This survey reviews artificial-intelligence-driven alert screening and alert-fatigue mitigation from 2015 to 2026. We synthesize 119 records, including 87 core studies, into a four-stage workflow taxonomy covering filtering, triage, correlation, and generative augmentation. We find persistent gaps in deployment realism, adversarial robustness, cross-environment validation, and evaluation practice. The survey concludes with a research agenda toward trustworthy Cognitive Security Operations Centers.
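The four stages the abstract names (filtering, triage, correlation, generative augmentation) are easier to reason about as one concrete pipeline. The following is an added example, not code from the survey or from any system it reviews: it runs a handful of constructed alerts through a deterministic version of each stage and reports how much the analyst queue shrinks. The signature names, hosts, severity weights, asset criticality table, suppression list and time windows are all illustrative assumptions; the "augmentation" stage is a plain template standing in for the LLM-based summarisation the survey groups under generative augmentation.

```python
"""Four-stage alert screening pipeline: filter -> triage -> correlate -> augment.
Added illustration of the workflow taxonomy; all data and thresholds are assumed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Alert:
    ts: datetime
    host: str
    sig: str        # detection signature name
    severity: str   # "low" | "medium" | "high" | "critical"
    score: float = 0.0


# Constructed sample alerts (not taken from the survey or any real SOC feed).
T0 = datetime(2026, 5, 8, 9, 0, 0)
SAMPLE_ALERTS = [
    Alert(T0, "ws-042", "ET SCAN Nmap", "medium"),
    Alert(T0 + timedelta(seconds=5), "ws-042", "ET SCAN Nmap", "medium"),        # repeat
    Alert(T0 + timedelta(minutes=2), "ws-042", "Mimikatz LSASS access", "critical"),
    Alert(T0 + timedelta(minutes=3), "ws-042", "Outbound to rare domain", "high"),
    Alert(T0 + timedelta(minutes=1), "db-01", "Backup agent heartbeat failed", "low"),  # known benign
    Alert(T0 + timedelta(minutes=30), "db-01", "Brute-force SSH", "high"),
    Alert(T0 + timedelta(minutes=50), "ws-017", "ET SCAN Nmap", "medium"),
]

# Tuning knobs: hypothetical values an analyst team would maintain.
SUPPRESSED_SIGS = {"Backup agent heartbeat failed"}
ASSET_CRITICALITY = {"db-01": 3.0, "ws-042": 1.5}   # unknown hosts default to 1.0
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 4, "critical": 8}
DEDUP_WINDOW = timedelta(minutes=5)
CORRELATION_WINDOW = timedelta(minutes=15)


def filter_alerts(alerts, dedup_window=DEDUP_WINDOW):
    """Stage 1 (filtering): drop suppressed signatures and repeats of the same
    (host, signature) pair that land within `dedup_window` of the last kept one."""
    kept, last_seen = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        if a.sig in SUPPRESSED_SIGS:
            continue
        key = (a.host, a.sig)
        if key in last_seen and a.ts - last_seen[key] < dedup_window:
            continue
        last_seen[key] = a.ts
        kept.append(a)
    return kept


def triage(alerts):
    """Stage 2 (triage): priority score = severity weight x asset criticality."""
    for a in alerts:
        a.score = SEVERITY_WEIGHT[a.severity] * ASSET_CRITICALITY.get(a.host, 1.0)
    return sorted(alerts, key=lambda x: x.score, reverse=True)


def correlate(alerts, window=CORRELATION_WINDOW):
    """Stage 3 (correlation): chain alerts on the same host whose timestamps are
    within `window` of the previous one into a single incident."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda x: x.ts):
        by_host[a.host].append(a)
    incidents = []
    for host_alerts in by_host.values():
        current = [host_alerts[0]]
        for a in host_alerts[1:]:
            if a.ts - current[-1].ts <= window:
                current.append(a)
            else:
                incidents.append(current)
                current = [a]
        incidents.append(current)
    # Rank incidents by peak alert score, then by how many alerts they chain together.
    return sorted(incidents, key=lambda inc: (max(a.score for a in inc), len(inc)), reverse=True)


def augment(incident):
    """Stage 4 (augmentation): attach context for the analyst. A fixed template is used
    here in place of the generative (LLM) summarisation discussed in the survey."""
    host = incident[0].host
    sigs = [a.sig for a in incident]
    span_min = (incident[-1].ts - incident[0].ts).total_seconds() / 60
    return {
        "host": host,
        "criticality": ASSET_CRITICALITY.get(host, 1.0),
        "peak_score": max(a.score for a in incident),
        "summary": f"{len(sigs)} alert(s) on {host} over {span_min:.0f} min: " + " -> ".join(sigs),
    }


def screen(alerts):
    """Run all four stages and return the analyst queue plus volume metrics."""
    kept = triage(filter_alerts(alerts))
    incidents = correlate(kept)
    return {
        "raw": len(alerts),
        "after_filter": len(kept),
        "incidents": len(incidents),
        "queue": [augment(inc) for inc in incidents],
    }


if __name__ == "__main__":
    result = screen(SAMPLE_ALERTS)
    print(f"{result['raw']} raw -> {result['after_filter']} after filtering -> {result['incidents']} incidents")
    for item in result["queue"]:
        print(f"[{item['peak_score']:>5.1f}] {item['summary']}")
```

On the constructed input the seven raw alerts collapse to three incidents, with the ws-042 chain (scan, credential access, rare outbound) ranked first because correlation lifts three individually mixed-severity alerts into one high-score unit. The suppression list and fixed windows are also where the robustness gap the survey flags shows up in practice: anything an adversary can make look like a suppressed signature, or space out beyond the dedup and correlation windows, never reaches the queue, so these knobs need review against attacker behaviour and not only against analyst workload.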
