This thesis investigates the performance of the DeepCASE [13] alert-filtering system when incorporated into a multi-system security detection environment and compares its efficacy to other state-of-the-art alert-filtering tools, such as the Integration Layer of [30]. The main research question addressed is: How does the DeepCASE system perform in a setup with multiple security detection systems, and how does its performance relate to other state-of-the-art alert-filtering systems? This question matters because of the growing complexity of cybersecurity environments, in which several detection systems running side by side routinely produce more alerts than analysts can triage.

Key Findings:

• Metrics for Evaluating Alert-Filtering Systems: SQ1 examined which metrics are relevant for determining the efficiency and efficacy of alert-filtering systems. It was shown that aggregate performance metrics such as overall accuracy can be misleading in complex environments, where benign alerts vastly outnumber malicious ones. Granular metrics, such as the false negative rate and the true positive rate, yield more meaningful evaluations. In this study the false negative rate was ranked first, followed by workload reduction, as the key indicators for evaluating DeepCASE.

• DeepCASE Performance with Multiple Detection Systems: SQ2 evaluated DeepCASE's performance in a multi-system setting. DeepCASE achieved promising results, with a 0% false negative rate and an 87% reduction in workload. These findings demonstrate its usefulness for managing alerts across several security detection systems while maintaining accuracy.

• Improvements for Multi-System Integration: SQ3 examined potential improvements to DeepCASE's performance in a multi-system environment. A variety of tactics were tested, including alert aggregation and the incorporation of security analyst expertise. Incorporating security analysts' expertise via the "IL Preprocessing approach" considerably increased performance, resulting in a 0% false negative rate and a 96% workload reduction. This emphasizes the significance of expert-driven preprocessing in improving alert filtering. Of the alert aggregation approaches tried, the 1-minute window alert aggregation also provided some improvement, achieving a 0% false negative rate with a 90% workload reduction.

• Comparison with State-of-the-Art Systems: SQ4 compared DeepCASE's performance to a state-of-the-art alert-filtering system, namely the Integration Layer. DeepCASE performed remarkably well, outperforming the Integration Layer when not all of the latter's preprocessing approaches were used. However, the thesis notes that a properly optimized Integration Layer may yield different outcomes.

DeepCASE is highly effective in situations involving multiple security detection systems, significantly reducing workload while retaining zero false negatives, and expert-driven preprocessing techniques improve its performance further. While it compares favorably to other cutting-edge systems, further research is needed to fully understand the potential of these systems when completely tuned. This thesis advances our understanding of how alert-filtering systems can be evaluated and adjusted in complex, multi-system situations, giving useful insights for improving cybersecurity operations.
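The following is an added illustration of the two points the findings turn on, the gap between an aggregate metric and the granular ones the thesis ranks first, and the effect of a 1-minute aggregation window. It is not code from the thesis or from DeepCASE. The metric definitions (a false negative is a malicious alert the filter suppressed; workload reduction is the share of raw alerts the analyst no longer sees), the grouping key for aggregation (host and signature), and the rule that an aggregated alert counts as escalated if any member was escalated are assumptions made here, as is the small alert set, which is constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime        # time the detector raised the alert
    source: str         # detection system that produced it (e.g. IDS, EDR, SIEM)
    host: str           # asset the alert concerns
    signature: str      # detector rule or signature name
    malicious: bool     # analyst ground truth: part of a real attack?
    escalated: bool     # filter decision: shown to the analyst (True) or suppressed


def metrics(alerts, baseline_total=None):
    """Overall accuracy next to the granular metrics the thesis ranks highest.

    Assumed definitions (the page does not state them): FN = malicious alert the
    filter suppressed; workload reduction = 1 - (alerts shown / raw alerts), so
    it is always measured against the raw alert count even after aggregation.
    """
    tp = sum(a.malicious and a.escalated for a in alerts)
    fn = sum(a.malicious and not a.escalated for a in alerts)
    fp = sum(not a.malicious and a.escalated for a in alerts)
    tn = sum(not a.malicious and not a.escalated for a in alerts)
    total = len(alerts)
    raw_total = baseline_total if baseline_total is not None else total
    positives = tp + fn
    return {
        "accuracy": (tp + tn) / total,
        "fnr": fn / positives if positives else 0.0,
        "tpr": tp / positives if positives else 0.0,
        "workload_reduction": 1 - (tp + fp) / raw_total,
    }


def aggregate(alerts, window=timedelta(minutes=1)):
    """Collapse alerts with the same (host, signature) that arrive within `window`
    of the group's first alert into one aggregated alert.

    Assumed grouping key and semantics: the aggregate is malicious if any member
    is, and is shown to the analyst if the filter escalated any member.
    """
    groups = []          # list of member lists, in order of first occurrence
    open_groups = {}     # key -> (group start time, member list)
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.host, a.signature)
        if key in open_groups and a.ts - open_groups[key][0] < window:
            open_groups[key][1].append(a)
        else:
            members = [a]
            open_groups[key] = (a.ts, members)
            groups.append(members)
    return [
        Alert(m[0].ts, m[0].source, m[0].host, m[0].signature,
              any(x.malicious for x in m), any(x.escalated for x in m))
        for m in groups
    ]


# Constructed sample: one burst of benign port-scan alerts, a credential-dump
# attack split across three EDR alerts (one of which the filter missed), and a
# lone benign alert the filter wrongly escalated.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [
    Alert(T0 + timedelta(seconds=0),   "ids",  "h1", "portscan",          False, False),
    Alert(T0 + timedelta(seconds=10),  "ids",  "h1", "portscan",          False, False),
    Alert(T0 + timedelta(seconds=40),  "ids",  "h1", "portscan",          False, False),
    Alert(T0 + timedelta(seconds=90),  "ids",  "h1", "portscan",          False, False),
    Alert(T0 + timedelta(seconds=5),   "edr",  "h2", "lolbin",            False, False),
    Alert(T0 + timedelta(seconds=300), "ids",  "h3", "dns_tunnel",        False, False),
    Alert(T0 + timedelta(seconds=20),  "edr",  "h2", "credential_dump",   True,  True),
    Alert(T0 + timedelta(seconds=25),  "edr",  "h2", "credential_dump",   True,  False),
    Alert(T0 + timedelta(seconds=30),  "edr",  "h2", "credential_dump",   True,  True),
    Alert(T0 + timedelta(seconds=200), "siem", "h4", "impossible_travel", False, True),
]


def run_example():
    """Return (raw metrics, metrics after 1-minute aggregation) for SAMPLE."""
    raw = metrics(SAMPLE)
    agg = metrics(aggregate(SAMPLE), baseline_total=len(SAMPLE))
    return raw, agg


if __name__ == "__main__":
    raw, agg = run_example()
    for label, m in (("raw", raw), ("1-minute aggregation", agg)):
        print(f"{label:22s} " + "  ".join(f"{k}={v:.3f}" for k, v in m.items()))
```

On the raw alerts the filter scores 80% accuracy, which looks respectable, yet it missed one of the three malicious alerts (false negative rate 0.33); that is the case the thesis makes for ranking the false negative rate above aggregate metrics. After the 1-minute window collapses the three credential-dump alerts into one escalated group, the same filter decisions yield a 0% false negative rate and a workload reduction of 0.8 against the 10 raw alerts. Whether a real deployment gains from this depends on the grouping key and on the filter being re-run on the aggregated events, which this toy does not do.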