Risk-Based Analysis / Alerting is a growing approach that helps defensive teams and SOCs cut down on noise and detect bad things happening, using existing data and search volumes. As vendor-neutrally as possible, this talk will walk through the concept, why it's good, what the organisational and technical weaknesses of implementations are, and how it's going to grow in 2023/24.