Incident response is the major challenge of corporate security, driven by the expansion of targeted cyberattacks and a talent shortage. But what does this mean from a technical perspective? In this track we reveal the real challenge of identifying the latest APT in the white noise of thousands of security alerts from a typical system. Automation is the solution, but how do you do it properly?