SOC METRICS

Typical SOC metrics for demonstrating the SOC's value to business decision makers include:

  • The mean time to detect (TTD) an incident after its occurrence
  • The mean time to contain the incident after its detection
  • The mean time to mitigate the incident after its containment
  • The number of incidents being detected, contained, and mitigated
  • The percentage of the discovered incidents found using the plays in the SOC playbook
  • The number of new plays added to the SOC playbook
  • The number of zero-day attack detections
  • The false positive or true positive detection rate
  • The operational cost of running the SOC
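
The following is an added example, not part of the original page: it computes several of the metrics above from detection records and skips phases an open incident has not yet reached. The records are constructed, and the field names, the play IDs and the definition of the true positive rate (confirmed incidents divided by all detections) are assumptions.

```python
from datetime import datetime
from statistics import mean

# Constructed sample records (not real data); field names are assumptions.
SAMPLE_DETECTIONS = [
    {"id": "INC-1", "verdict": "true_positive", "play": "PLAY-007",
     "occurred": "2024-03-01T08:00", "detected": "2024-03-01T10:00",
     "contained": "2024-03-01T11:00", "mitigated": "2024-03-01T15:00"},
    {"id": "INC-2", "verdict": "true_positive", "play": None,  # found ad hoc
     "occurred": "2024-03-02T00:00", "detected": "2024-03-02T06:00",
     "contained": "2024-03-02T09:00", "mitigated": None},      # still open
    {"id": "INC-3", "verdict": "true_positive", "play": "PLAY-002",
     "occurred": "2024-03-03T12:00", "detected": "2024-03-03T13:00",
     "contained": None, "mitigated": None},                    # not contained yet
    {"id": "ALERT-4", "verdict": "false_positive", "play": "PLAY-002",
     "occurred": None, "detected": "2024-03-04T09:00",
     "contained": None, "mitigated": None},
]

def hours_between(start, end):
    """Elapsed hours between two ISO-8601 timestamps."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600

def mean_interval(records, start_key, end_key):
    """Mean hours between two phases; records missing either timestamp are skipped."""
    spans = [hours_between(r[start_key], r[end_key]) for r in records
             if r.get(start_key) and r.get(end_key)]
    return round(mean(spans), 2) if spans else None

def soc_metrics(detections):
    """Summarise detections; timing metrics cover confirmed incidents only."""
    incidents = [d for d in detections if d["verdict"] == "true_positive"]
    with_play = [i for i in incidents if i.get("play")]
    return {
        "mean_ttd_h": mean_interval(incidents, "occurred", "detected"),
        "mean_ttc_h": mean_interval(incidents, "detected", "contained"),
        "mean_ttm_h": mean_interval(incidents, "contained", "mitigated"),
        "detected": len(incidents),
        "contained": sum(1 for i in incidents if i.get("contained")),
        "mitigated": sum(1 for i in incidents if i.get("mitigated")),
        "playbook_pct": round(100 * len(with_play) / len(incidents), 1)
                        if incidents else None,
        "true_positive_rate": round(len(incidents) / len(detections), 2)
                              if detections else None,
    }

if __name__ == "__main__":
    for name, value in soc_metrics(SAMPLE_DETECTIONS).items():
        print(f"{name}: {value}")
```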