D4 · Operations

What is alert fatigue?

Alert fatigue occurs when excessive false-positive alerts cause analysts to ignore or dismiss alerts, including those for real attacks.
Example: Target breach (2013), where FireEye alerts were dismissed as noise.
Fix: tune detection rules aggressively, use SOAR for automation, risk-score alerts, and prioritize quality over quantity of detections.