The daily loop
An alert fires. You open it. You read through the details. You gather context from the surrounding activity. You check for related signals across your environment. You decide what it means and what to do next. Sometimes you escalate. Sometimes you close it and move on.
You do this dozens of times a day. The steps are almost always the same. The data you need is already in your SIEM....
