Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can't reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and "just escalate it" calls. That cost doesn't stay inside the SOC; it shows up as missed SLAs, higher cost per case, and more room for real threats to slip through. So where does triage go wrong? Here are five triage