The shift in modern SOCs is moving from (looking at a single alert) to proactive investigation (hunting and contextualizing the chain of events).
Master investigations into lateral movement, persistence, and command and control (C&C).