In most cases I would agree.

In the instance of a heavily secured state-of-the-art datacenter with armed guards it should’ve gotten flagged immediately.

Then again thats assuming the people in the SOC aren’t massively overworked and were paying enough attention of course