Does this skill track individual analyst performance?

It tracks overall productivity and workload distribution to help optimize processes and staffing. It is designed for process improvement rather than punitive individual performance management.

How much historical data is required for these metrics?

For accurate trend analysis and meaningful baseline measurement, it is recommended to have at least 90 days of incident and alert disposition data available in your SIEM.

Which SIEM platforms are supported by this skill?

While the skill includes specific SPL examples for Splunk, the underlying measurement logic and KPIs can be adapted for any platform like Microsoft Sentinel, Elastic, or Google Chronicle that stores incident timestamps.

Can I map my SOC metrics to security frameworks?

Yes, this skill specifically maps operational metrics to NIST CSF 2.0 functions (Detect, Respond, Recover) and detection coverage to MITRE ATT&CK techniques.

SOC Metrics & KPI Tracking

Name: SOC Metrics & KPI Tracking
Author: mukul975

bymukul975

•

4,121

•

安全与测试

Builds comprehensive Security Operations Center (SOC) performance dashboards and KPI tracking systems to measure and optimize security effectiveness.

This skill enables security teams to automate the measurement of critical SOC performance indicators such as Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and alert quality ratios. By integrating with SIEM data and incident management systems, it provides actionable visibility into operational efficiency, detection coverage mapped to MITRE ATT&CK, and analyst productivity. It is an essential tool for SOC leadership needing executive-level reporting, continuous improvement baselines, or data-driven staffing justifications to prove the ROI of security operations.

主要功能

01Alert quality assessment including True Positive/False Positive (TP/FP) ratios

024,121 GitHub stars

03Analyst productivity and shift-based workload distribution metrics

04Automated MTTD, MTTR, and MTTA calculation using SIEM and ticketing data

05Executive-ready reporting templates for security posture and ROI

06MITRE ATT&CK detection coverage heatmaps and gap analysis tracking

使用场景

01Generating quarterly business reviews (QBR) for security leadership and stakeholders

02Optimizing incident response lifecycles by identifying bottlenecks in triage and containment

03Justifying security headcount and budget through workload and capacity data

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills building-soc-metrics-and-kpi-tracking

For use in Claude.ai and ChatGPT

主要功能

01Alert quality assessment including True Positive/False Positive (TP/FP) ratios

024,121 GitHub stars

03Analyst productivity and shift-based workload distribution metrics

04Automated MTTD, MTTR, and MTTA calculation using SIEM and ticketing data

05Executive-ready reporting templates for security posture and ROI

06MITRE ATT&CK detection coverage heatmaps and gap analysis tracking

使用场景

01Generating quarterly business reviews (QBR) for security leadership and stakeholders

02Optimizing incident response lifecycles by identifying bottlenecks in triage and containment

03Justifying security headcount and budget through workload and capacity data

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills building-soc-metrics-and-kpi-tracking

For use in Claude.ai and ChatGPT