Quality is the SOC metric that matters the most.
But it is the one no one can measure.

Now there’s a scorecard — and a tool that applies it the same way, every time across all your cases.





Anatomy of a Quality Case

A quality case turns messy telemetry into a decision you can trust - and a next step you can take.

Triggered Alert

What really happened?

Is this benign or malicious?

What additional questions do I need to answer to make the above decision with high accuracy?

Make a decision – is it benign or malicious?

Actions

Questions that a good investigation should answer (9)

Are the flagged AWS API calls actually first-time actions for this user account based on historical CloudTrail data?
Weight: 5 | Partially Answered | Critical Gap

What is the user’s typical pattern of AWS API usage and administrative responsibilities?
Weight: 5 | Not Answered | Critical Gap

Is the source IP address and geolocation consistent with the user’s expected access patterns?
Weight: 3 | Partially Answered | Critical Gap

Does the user have legitimate business justification and appropriate permissions for the AWS services accessed?
Weight: 3 | Not Answered | Critical Gap

Are there any threat intelligence indicators associated with the source IP, user agent, or API call patterns?
Weight: 1 | Partially Answered | Critical Gap

Is the user account showing any indicators of compromise in recent activity logs?
Weight: 5 | Partially Answered

Are there any anomalies in the authentication method, MFA status, or session characteristics?
Weight: 3 | Partially Answered

What specific AWS resources and data did the user access or enumerate through these API calls?
Weight: 3 | Partially Answered

Did the first-seen API calls occur in rapid succession or follow any suspicious timing patterns?
Weight: 3 | Partially Answered

Case reviews become a repeatable coaching loop.


Ready to Grade a SOC Case?
AI-Powered Security Operations

Get an instant case-quality score and actionable feedback using a transparent rubric.