
alert fatigue

also: alert noise, notification fatigue, alarm fatigue

Alert fatigue is the degradation of response effectiveness that occurs when security or system administrators receive too many notifications, causing them to ignore, dismiss, or become desensitized to critical alerts.

Alert fatigue happens when monitoring systems generate so many warnings—both legitimate and false positives—that human operators can no longer effectively distinguish important issues from noise. This leads to missed critical alerts, delayed incident response, and potential security breaches.

A common example is a server running intrusion detection that fires hundreds of alerts daily, many of which are benign. After weeks of seeing low-priority warnings, an administrator may reflexively close alerts without investigation, risking the one genuine attack buried in the stream.

Linux system monitoring tools such as Nagios, Prometheus, and journald can contribute to alert fatigue if thresholds are poorly tuned. Modern practice emphasizes alert quality over quantity: configuring fewer, more meaningful alerts with appropriate severity levels and intelligent aggregation to keep human operators focused on what actually matters.
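The aggregation idea above, as an added Python example that is not part of the original glossary entry or of any tool it names: repeats of the same alert from the same source are collapsed into one counted notification per time window, and only high-severity groups page a human. The field names, the five-minute window, the routing labels and the sample alerts are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

@dataclass(frozen=True)
class Alert:
    ts: int          # seconds since the start of the sample
    signature: str   # what the sensor matched
    source: str      # host or address the alert is about
    severity: str    # one of SEVERITY_RANK

def aggregate(alerts, window=300, page_at="high"):
    """Collapse repeats of (signature, source) inside `window` seconds into
    one notification with a count, then route each group by severity."""
    open_groups = {}      # (signature, source) -> group still accumulating
    notifications = []    # groups in order of first occurrence
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.signature, a.source)
        group = open_groups.get(key)
        if group is None or a.ts - group["first_ts"] >= window:
            group = {"signature": a.signature, "source": a.source,
                     "severity": a.severity, "first_ts": a.ts, "count": 0}
            open_groups[key] = group
            notifications.append(group)
        group["count"] += 1
        # A group carries the highest severity seen among its members.
        if SEVERITY_RANK[a.severity] > SEVERITY_RANK[group["severity"]]:
            group["severity"] = a.severity
    for group in notifications:
        urgent = SEVERITY_RANK[group["severity"]] >= SEVERITY_RANK[page_at]
        group["route"] = "page" if urgent else "digest"
    return notifications

def sample_alerts():
    """Constructed sample: 120 benign repeats plus one genuine critical alert."""
    noise = [Alert(i * 5, "port scan from internal scanner", "192.0.2.10", "low")
             for i in range(120)]
    real = [Alert(412, "login success after repeated failures",
                  "198.51.100.7", "critical")]
    return noise + real

if __name__ == "__main__":
    raw = sample_alerts()
    for n in aggregate(raw):
        print(f'{n["route"]:6} {n["severity"]:8} x{n["count"]:<3} '
              f'{n["signature"]} ({n["source"]})')
    print(f"{len(raw)} raw alerts -> {len(aggregate(raw))} notifications")
```

With this sample the operator sees one page and two digest entries instead of 121 separate alerts, so the critical event is no longer buried in the stream.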
