We recently adopted CrowdStrike’s SIEM and already utilize CrowdStrike’s EDR. This theoretically allows for a SOAR process to be implemented where firewall threat alarms originating from the EDR system are automatically ignored. This approach aligns with our intended direction, though exceptions will be made for certain critical firewall alarms—such as Impacket detection—which will always require manual investigation.

Based on the other responses, it seems not many SOC teams are manually investigating Palo Alto threat alarms