The current approach to security automation and orchestration is born from a history of IT operations and process definition; it does not care what data is being processed. This is inefficient for detection and response needs for two key reasons:
1) Wasted time and resources: playbooks are run on irrelevant and low-priority data.
2) If you put noisy data in, the result will be amplified noise out.
When applied to detection and response, process-focused playbooks require complexity which grows exponentially as you increase the number of playbooks.