There are quite a few reasons why you might be suffering from alert fatigue: 1. You might have too many tools, each one telling you something slightly different (this is remarkably common); 2. You’ve set your alert thresholds too low so you’re seeing lots of false positives (default starting position for most tools); 3. You might be just be under a sustained attack – I got over 2000 alerts one weekend for failed attempts to login to a WordPress backend despite the auto-blocking I had set up. I.E. 2000 separate IPs were having a crack at my server…:
[…] The proliferation of security tools is also contributing to the alert fatigue challenge, Chuvakin notes. “Today we have a dramatically wider scope of where we are looking for threats,” he continues. “We have more stuff to monitor, and that leads alerts to increase as well.” The most obvious risk of alert overload, of course, is companies could miss the most damaging attacks.