Lessons Learned in Detection Engineering
Ryan McGeehan

An alert is not useful unless it carries all of the context an analyst would need to understand to declare an incident or not.

And context should be machine readable to the best possible extent. The analysts’ actions then become feedback for refactoring alerts or automated mitigations.