A Security Operation Centre (SOC) can only be defined through its capabilities and architecture. If you are not performing the capabilities listed below (either internally or outsourced through your current provider), then that group would not be considered a SOC.
| SOC Operation |
|---|
| Security Monitoring and Detection |
| Incident Response |
| Vulnerability assessments |
| Compliance support |
| Data protection |
| Security tool configuration, integration, and deployment |
| Security administration |
| Security architecture and engineering of systems in your environment |
| Digital forensics |
| Threat research |
| Remediation |
| Security road map and planning |
| SOC architecture and engineering (specific to the systems running your SOC) |
| Pen-testing |
| Threat hunting |
| Threat intelligence (production) |
| SOC maturity self-assessment |
| Threat intelligence (attribution) |
| Threat intelligence (feed consumption) |
| Purple teaming |
