What Are Security Alerts and False Positives?
In Part 7, I finally understood how a SIEM works.
It collects logs. Normalizes them. Runs rules. And when something matches, it creates an alert.
That alert lands in the analyst's queue.
And I thought .
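Here is an added Python example of that collect, normalize, rule, alert pipeline in miniature (not code from the original post): it maps two constructed log formats onto one schema, runs a failed-login threshold rule, and marks alerts from an allowlisted source as suppressed, which is how a recurring false positive gets tuned out rather than ignored. The hostnames, IPs, log lines and the scanner allowlist are all constructed assumptions.

```python
import json
import re
from collections import defaultdict

SYSLOG_RE = re.compile(r"(?P<host>\S+) sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>\S+)")

# Constructed sample logs in two formats (syslog text and JSON), not real data.
RAW_LOGS = [
    "Jan 10 09:00:01 web01 sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2",
    "Jan 10 09:00:02 web01 sshd[101]: Failed password for admin from 203.0.113.5 port 4002 ssh2",
    "Jan 10 09:00:03 web01 sshd[101]: Failed password for oracle from 203.0.113.5 port 4003 ssh2",
    '{"host":"vpn01","event":"auth_failure","user":"svc-scan","src":"10.0.5.20"}',
    '{"host":"vpn01","event":"auth_failure","user":"svc-scan","src":"10.0.5.20"}',
    '{"host":"vpn01","event":"auth_failure","user":"svc-scan","src":"10.0.5.20"}',
    '{"host":"vpn01","event":"auth_success","user":"jsmith","src":"198.51.100.7"}',
]

def normalize(line):
    """Map one raw line onto a common schema; return None if it is not a login failure."""
    if line.startswith("{"):
        rec = json.loads(line)
        if rec.get("event") != "auth_failure":
            return None
        return {"host": rec["host"], "user": rec["user"], "src": rec["src"]}
    m = SYSLOG_RE.search(line)
    if m:
        return m.groupdict()
    return None

def run_rule(events, threshold=3):
    """Rule: threshold or more failed logins from one source IP -> one alert per source."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        if len(evs) >= threshold:
            alerts.append({"rule": "brute_force", "src": src,
                           "users": sorted({e["user"] for e in evs}), "count": len(evs)})
    return alerts

def detect(raw_logs, threshold=3, allowlist=frozenset()):
    """Pipeline: collect -> normalize -> rule -> tune; allowlisted sources are flagged, not dropped."""
    events = [e for e in (normalize(line) for line in raw_logs) if e]
    alerts = run_rule(events, threshold)
    for a in alerts:
        # 10.0.5.20 is the constructed internal scanner: expected noise, so a tuned-out false positive.
        a["suppressed"] = a["src"] in allowlist
    return alerts
```

Keeping suppressed alerts visible with a flag, rather than deleting them, preserves the evidence that the rule fired and lets the allowlist itself be reviewed.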
thinksecure.hashnode.dev, 9 min read