AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Survey
This survey reviews AI-driven methods for filtering and prioritizing security alerts to combat alert fatigue, establishing a four-stage workflow taxonomy and identifying critical gaps in current research.
Abstract
Security alert screening is the downstream task of filtering, prioritizing, correlating, and contextualizing alerts for analyst attention in Security Operations Centers. This survey reviews artificial-intelligence-driven alert screening and alert-fatigue mitigation from 2015 to 2026. We synthesize 119 records, including 87 core studies, into a four-stage workflow taxonomy covering filtering, triage, correlation, and generative augmentation. We find persistent gaps in operational validation, adversarial robustness, cross-environment generalization, and evaluation practice. The survey concludes with a research agenda toward trustworthy Cognitive Security Operations Centers.