
How Mature SOCs Handle "Business Hours" Alerts in 24/7 Environments
Tags: Cybersecurity, SOC Operations, Alert Management, 24/7 Monitoring
An analyst from a small SOC (20 clients) describes the challenge of managing alerts generated outside clients' business hours, particularly for RDP connections, VPN logins, and O365 sign-ins. As clients that operate 24/7 are onboarded, a single "after hours" window no longer carries signal for them, and the resulting alerts only add tickets to the L1 queue. The SOC, operational for a year and a half, wants to optimize its detection strategy by adjusting rules and integrating more context or conditional logic, so that the time-of-day condition is evaluated per client rather than globally. The question asks how more mature SOCs handle this scenario.
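One way to put that per-client context into the rule itself, as an added example that is not code from the post: each client gets a profile (workforce time zone, working days and hours, or an always-on flag), and a login event is triaged against its own client's window instead of a global 9-to-5. Client names, profiles and events below are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone
from zoneinfo import ZoneInfo


@dataclass(frozen=True)
class ClientProfile:
    name: str
    tz: str                                           # IANA zone of the client's workforce
    always_on: bool = False                           # 24/7 client: off-hours logic does not apply
    workdays: frozenset = frozenset({0, 1, 2, 3, 4})  # Monday=0 .. Friday=4
    start: time = time(7, 0)
    end: time = time(19, 0)


# Constructed sample profiles (hypothetical clients, not from the post)
PROFILES = {
    "acme": ClientProfile("acme", "Europe/Paris"),
    "nightowl": ClientProfile("nightowl", "America/New_York", always_on=True),
}


def outside_business_hours(profile: ClientProfile, ts_utc: datetime) -> bool:
    """True if a UTC timestamp falls outside the client's local working window."""
    if profile.always_on:
        return False
    local = ts_utc.astimezone(ZoneInfo(profile.tz))
    if local.weekday() not in profile.workdays:
        return True
    return not (profile.start <= local.time() < profile.end)


def triage(event: dict) -> str:
    """Map a login event to 'alert', 'suppress' or 'unknown-client'."""
    profile = PROFILES.get(event["client"])
    if profile is None:
        return "unknown-client"  # missing context is itself worth a ticket
    ts = datetime.fromisoformat(event["ts"]).astimezone(timezone.utc)
    return "alert" if outside_business_hours(profile, ts) else "suppress"


# Constructed sample events (timestamps are UTC; 2024-03-12 is a Tuesday, Paris is UTC+1)
SAMPLE_EVENTS = [
    {"client": "acme", "service": "rdp", "user": "j.doe", "ts": "2024-03-12T02:30:00+00:00"},    # 03:30 local
    {"client": "acme", "service": "vpn", "user": "a.lee", "ts": "2024-03-12T09:15:00+00:00"},    # 10:15 local
    {"client": "acme", "service": "o365", "user": "m.kim", "ts": "2024-03-16T10:00:00+00:00"},   # Saturday
    {"client": "nightowl", "service": "rdp", "user": "ops1", "ts": "2024-03-12T02:30:00+00:00"},  # 24/7 client
]


def run(events=SAMPLE_EVENTS) -> dict:
    """Count verdicts; only the 'alert' bucket reaches L1."""
    counts = {}
    for e in events:
        counts[triage(e)] = counts.get(triage(e), 0) + 1
    return counts
```

With the sample set, only the two Paris-client off-hours logins become tickets; the 24/7 client's night login is suppressed by its profile rather than by an analyst.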