What Anton Chuvakin is Saying About SOC Threat Coverage

Posted by Phil Neray on February 7, 2022

Anton Chuvakin, SIEM expert and former Gartner analyst (now at Google Chronicle), has written a thought-provoking blog post titled "SOC Threat Coverage Analysis — Why/How?".

In the post, he discusses:

  • Why the detection coverage gap is so large at many organizations (broken log collectors, missing rules, etc.)
  • Why mapping detection rules to MITRE ATT&CK techniques is, on its own, insufficient to operationalize ATT&CK in your SOC
  • How to systematically improve threat coverage in your SOC
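The gap between coverage on paper (a rule exists for a technique) and coverage that can actually fire (the rule is enabled and its log source is arriving) is the point of the first two bullets. The following is an added illustration, not code from Chuvakin's post or from this page: a toy coverage check over a constructed rule inventory and log-source health table, with hypothetical rule and source names, in which a stale collector and a disabled rule turn two "covered" techniques into paper-only coverage.

```python
"""Toy SOC threat-coverage check (added illustration, not from the original post).

Constructed inputs: a detection-rule inventory mapped to ATT&CK technique IDs and a
log-source health table. "Paper" coverage counts every required technique that has a
mapped rule; "effective" coverage also requires the rule to be enabled and its log
source to be fresh, which is where broken collectors and disabled rules open a gap.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str      # ATT&CK technique ID the rule is mapped to
    log_source: str     # data source the rule's logic reads
    enabled: bool


@dataclass(frozen=True)
class LogSource:
    name: str
    last_event: datetime  # timestamp of the most recent event received from this source


NOW = datetime(2022, 2, 7, 12, 0, tzinfo=timezone.utc)
STALE_AFTER = timedelta(hours=1)  # a source with no events for this long is treated as broken

# Constructed sample inventory (hypothetical rule and source names)
RULES = [
    Rule("psexec_service_install", "T1021.002", "windows_security", True),
    Rule("suspicious_powershell_encoded", "T1059.001", "windows_powershell", True),
    Rule("lsass_access", "T1003.001", "sysmon", True),
    Rule("dns_tunnel_entropy", "T1071.004", "dns", False),  # rule exists but was disabled
]

# Constructed collector health: the PowerShell collector stopped forwarding three days ago
LOG_SOURCES = {
    "windows_security": LogSource("windows_security", NOW - timedelta(minutes=5)),
    "windows_powershell": LogSource("windows_powershell", NOW - timedelta(days=3)),
    "sysmon": LogSource("sysmon", NOW - timedelta(minutes=1)),
    "dns": LogSource("dns", NOW - timedelta(minutes=2)),
}

# Techniques the SOC has decided it must cover (constructed threat-model scope)
REQUIRED_TECHNIQUES = ["T1021.002", "T1059.001", "T1003.001", "T1071.004", "T1566.001"]


def source_is_healthy(source, now=NOW, stale_after=STALE_AFTER):
    """A source is healthy only if events have arrived within the staleness window."""
    return now - source.last_event <= stale_after


def rule_is_effective(rule, sources, now=NOW):
    """A rule can fire only if it is enabled and its log source is onboarded and healthy."""
    src = sources.get(rule.log_source)
    return rule.enabled and src is not None and source_is_healthy(src, now)


def coverage_report(required, rules, sources, now=NOW):
    """Per technique: 'effective', 'paper_only' (mapped rule cannot fire) or 'missing'."""
    report = {}
    for tech in required:
        mapped = [r for r in rules if r.technique == tech]
        if not mapped:
            report[tech] = "missing"
        elif any(rule_is_effective(r, sources, now) for r in mapped):
            report[tech] = "effective"
        else:
            report[tech] = "paper_only"
    return report


def coverage_gap_reasons(required, rules, sources, now=NOW):
    """Explain each non-effective technique so the gap can be worked systematically."""
    reasons = {}
    for tech in required:
        mapped = [r for r in rules if r.technique == tech]
        if not mapped:
            reasons[tech] = ["no rule mapped"]
            continue
        if any(rule_is_effective(r, sources, now) for r in mapped):
            continue
        why = []
        for r in mapped:
            if not r.enabled:
                why.append(f"{r.name}: rule disabled")
            src = sources.get(r.log_source)
            if src is None:
                why.append(f"{r.name}: log source {r.log_source} not onboarded")
            elif not source_is_healthy(src, now):
                why.append(f"{r.name}: log source {r.log_source} stale since {src.last_event.isoformat()}")
        reasons[tech] = why
    return reasons


if __name__ == "__main__":
    report = coverage_report(REQUIRED_TECHNIQUES, RULES, LOG_SOURCES)
    paper = sum(1 for v in report.values() if v != "missing")
    effective = sum(1 for v in report.values() if v == "effective")
    print(f"paper coverage: {paper}/{len(REQUIRED_TECHNIQUES)}; "
          f"effective coverage: {effective}/{len(REQUIRED_TECHNIQUES)}")
    for tech, why in coverage_gap_reasons(REQUIRED_TECHNIQUES, RULES, LOG_SOURCES).items():
        print(tech, "->", "; ".join(why))
```

On the constructed data the inventory looks 4/5 covered by ATT&CK mapping alone, but only 2/5 techniques can actually produce an alert; the report separates the reasons (stale collector, disabled rule, no rule at all) so each kind of gap can be assigned to the team that owns it.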

Topics: Featured, Threat Management, SecOps