For security analysts, a flow of security alerts is an inevitable consequence of the digital age. Moreover, as alerts can signal business-impacting incidents, the enterprise's security staff cannot be complacent. Staff must be relentless in gathering logs, setting alert parameters, assessing alert severity, and then prudently responding to incidents with countermeasures. This, however, is a demanding responsibility. The broadening range, complexity, and dynamism of the enterprise's network and systems, combined with a well-armed and motivated hacker community, guarantees that security alerts will increase in volume and diversity. Thus, what may have once been a manageable trickle of routine alerts has escalated into a continuous bombardment that few businesses are equipped to reliably tame. Consequently, the mission of security organizations to protect the interests of the business through timely and effective management of security alerts and incident response has tumbled into a state of jeopardy.