low
advisory
SOC Analyst Toolkit with Threat Hunting Queries
2 rules, 1 TTP, 2 IOCs
A free, offline SOC toolkit aimed at Tier 1 analysts. It includes IR checklists, triage playbooks, and threat hunting guides mapped to MITRE ATT&CK, with Splunk and Elastic queries for threats such as Kerberoasting, Pass-the-Hash, LOLBAS, scheduled task persistence, and C2 on non-standard ports.
soc
blueteam
threat-hunting
medium
advisory
Impact of Poor Security Operations Center (SOC) Metrics
2 rules, 2 TTPs
Poorly chosen performance metrics can significantly impair a SOC's ability to detect and respond to threats, leading to ineffective security operations and potential compromise.
SharePoint
soc
metrics
threat-hunting
detection