Question 3 of 10
What is the difference between a true positive and a false positive in security monitoring? Why is it important for a SOC analyst to distinguish between the two?
Sample answer preview
In security monitoring, a true positive occurs when a security tool correctly identifies a real threat or malicious activity. For example, if the SIEM generates an alert for a brute-force attack against a server and investigation confirms that someone was indeed attempting…
Tags: true positive, false positive, false negative, alert fatigue, detection tuning, SIEM alerts