Security Operations Centers (SOCs) grapple with alert fatigue caused by overwhelming volumes of alerts, hindering timely responses to critical threats. This study systematically reviews 119 works published between 2015 and 2026, including 87 core contributions, and proposes the first four-stage alert processing workflow taxonomy encompassing filtering, triage, correlation, and generative augmentation. It traces the evolution of machine learning, deep learning, graph neural networks, and large language models in alert prioritization and reduction. The analysis identifies critical gaps in deployment realism, adversarial robustness, cross-environment validation, and evaluation practices. Building on these insights, the paper outlines a future research agenda toward trustworthy cognitive SOCs, offering a theoretical foundation and strategic direction for developing efficient and reliable security operations frameworks.

Security alert screening is the downstream task of filtering, prioritizing, correlating, and contextualizing alerts for analyst attention in Security Operations Centers. This survey reviews artificial-intelligence-driven alert screening and alert-fatigue mitigation from 2015 to 2026. We synthesize 119 records, including 87 core studies, into a four-stage workflow taxonomy covering filtering, triage, correlation, and generative augmentation. We find persistent gaps in deployment realism, adversarial robustness, cross-environment validation, and evaluation practice. The survey concludes with a research agenda toward trustworthy Cognitive Security Operations Centers.