MITRE ATT&CK v15 · 4-Week Engagement

SOC Consulting & Maturity Assessment Services India

Before committing major capex to building or rebuilding your SOC, you need to know exactly where your current detection gaps are, which investments will have the most impact, and what a realistic 12-month improvement roadmap looks like. Ogma's SOC consulting engagement delivers an independent, evidence-based assessment — not a tool vendor's self-serving questionnaire.

  • 40+ SOC assessments delivered
  • 4 weeks standard engagement duration
  • 14 SOC maturity domains assessed
  • 5-level SOC-CMM maturity scale

Consulting Deliverables

Every assessment produces the following evidence-based outputs; the tabletop exercise is an optional addition that feeds the same roadmap.

SOC Maturity Assessment Report

A scored maturity assessment across 14 SOC capability domains: detection engineering, alert triage, incident response, threat intelligence, vulnerability management, SOAR automation, compliance reporting, analyst training, and more. Each domain is scored on a 1–5 scale with evidence-based findings.

  • 14-domain maturity scoring
  • Benchmark against India BFSI/sector peers
  • Top 5 critical gaps highlighted
  • Executive summary (2-page CISO brief)

MITRE ATT&CK Gap Analysis

We review your SIEM's active detection rules, map them to MITRE ATT&CK v15 tactics and techniques, and produce a coverage heat map showing where you have visibility, where you're blind, and which blind spots matter most given your industry's threat actors.

  • ATT&CK coverage heat map (current state)
  • Critical blind spot identification
  • Industry-relevant threat actor mapping
  • Prioritised gap closure recommendations

Detection Coverage Audit

Beyond ATT&CK mapping, we audit the quality of your detection logic: are rules generating too many false positives? Are thresholds set appropriately? Are log sources missing that would be needed to detect high-priority attack paths? A detection coverage audit gives you actionable data on rule health.

  • Rule-by-rule false-positive rate analysis
  • Missing log source identification
  • Detection logic quality scoring
  • Quick-win tuning recommendations (immediate)
12-Month SOC Improvement Roadmap

A practical, prioritised roadmap of initiatives that will improve your SOC's maturity over the next 12 months — with effort estimates, cost indicatives, dependencies, and expected maturity gain per initiative. Sequenced so quick wins deliver value in the first 30 days while structural improvements build over the year.

  • 30/60/90-day immediate action plan
  • 6-month and 12-month strategic initiatives
  • Budget indicatives per initiative
  • Dependency and sequencing map

Tabletop Exercise (Optional)

A half-day simulated incident scenario tests your SOC team's real-world response capability — not just the technology, but the people and process. Common scenarios: ransomware outbreak, supply chain compromise, insider threat, or targeted APT intrusion. Findings feed directly into the improvement roadmap.

  • Industry-specific scenario (ransomware / APT)
  • L1/L2/L3 team participation
  • After-Action Report (AAR) with findings
  • CERT-In 6-hour incident reporting procedure stress test

Compliance Gap Mapping

We map your SOC's current capabilities against applicable Indian regulatory frameworks to identify compliance gaps that auditors are likely to raise. Each gap is classified by severity and linked to a remediation recommendation in the SOC improvement roadmap.

  • RBI Cyber Security Framework annexure mapping
  • CERT-In incident response compliance check
  • ISO 27001:2022 Annex A gap list (A.5.24–A.5.28 incident management, A.8.15–A.8.16 logging and monitoring)
  • SEBI CSCRF / IRDAI (if applicable)

Who Is This Engagement For?

BFSI & Regulated Entities

Banks, NBFCs, insurance companies, and payment processors facing RBI CSF, SEBI CSCRF, or IRDAI cybersecurity audits. An independent SOC assessment provides the evidence and roadmap needed for regulatory submissions and audit responses.

Enterprises with Existing SOCs

Organisations with a SOC that's been running for 1–3 years but hasn't been independently assessed. Alert volumes are high, analyst burnout is a concern, and leadership wants to know if the investment is delivering results. This assessment provides objective evidence and a clear improvement plan.

Pre-Build Planning

Organisations planning to build a new SOC or significantly upgrade an existing one. A consulting engagement before the build project ensures technology selection is well-informed, use-case prioritisation is threat-driven, and the SOC build investment is properly scoped — avoiding costly mid-project pivots.

Engagement Process

Structured 4-week consulting engagement with defined outputs at each stage.

1
Kickoff & Data Collection (Days 1–5)

We meet with your CISO, SOC manager, and lead analysts. We collect SIEM configuration exports, rule lists, log source inventory, incident reports from the last 6 months, and compliance audit findings. A stakeholder survey is distributed to gather analyst perspectives on pain points. No access to production systems is required for this phase — document review only.

2
Technical Assessment (Days 6–14)

With read-only SIEM access, we map active detection rules to MITRE ATT&CK, analyse false-positive rates, review log source coverage, and assess SOAR playbook completeness. We interview L1/L2 analysts using structured scenarios to understand real-world response capability gaps. Compliance control mapping is completed during this phase.

3
Analysis & Report Drafting (Days 15–21)

All findings are synthesised into the maturity scorecard, ATT&CK heat map, and detection coverage audit. The 12-month improvement roadmap is drafted with sequenced initiatives and cost indicatives. Draft reports are shared with your CISO for factual accuracy review before finalisation.

4
Findings Presentation & Roadmap Workshop (Days 22–28)

A half-day findings workshop presents all deliverables to your CISO and leadership team. We walk through the maturity scores, critical gaps, and the prioritised roadmap — allowing leadership to validate priorities against business constraints and upcoming audit timelines. If the tabletop exercise is in scope, it's conducted on the same day.

Engagement Tiers

Fixed-fee engagement — no hourly billing. Tell us your scope and we'll quote within 2 hours.

Essential Assessment
Competitive · fixed-fee engagement
Single SIEM platform · Up to 1,000 rules reviewed
  • SOC maturity scorecard (14 domains)
  • MITRE ATT&CK coverage heat map
  • Top 10 critical gap findings
  • 6-month improvement roadmap
  • Executive summary presentation

Full Assessment (Recommended)
Competitive · fixed-fee engagement
Full SOC scope · Multi-tool environment
  • Full SOC maturity assessment
  • MITRE ATT&CK gap analysis + heat map
  • Detection coverage audit (rule quality)
  • 12-month SOC improvement roadmap
  • Compliance gap mapping (2 frameworks)
  • Half-day findings + roadmap workshop
  • Executive report + CISO brief

Full Assessment + Tabletop
Competitive · fixed-fee engagement
Full scope + live incident simulation
  • Everything in Full Assessment
  • Half-day tabletop exercise
  • After-Action Report (AAR)
  • Compliance frameworks (3)
  • CERT-In reporting procedure stress test

Frequently Asked Questions

How is a SOC maturity assessment different from a penetration test or red team exercise?

A SOC maturity assessment evaluates the defensive capabilities of your security operations — your people, processes, and detection technology. A penetration test or red team exercise attacks your environment to find exploitable vulnerabilities. They're complementary. We often recommend a red team exercise as a follow-on after the maturity assessment, once the critical detection gaps identified in the assessment have been addressed, so the red team measures whether the new detections actually fire.

What access do you need to our environment?

For the technical assessment phase, we need read-only access to your SIEM console to review active rules, log source configuration, and incident history. We don't need database or OS-level access — only the SIEM management GUI. If your SIEM is internet-accessible with MFA, a temporary read-only analyst account is sufficient; it should be provisioned for the engagement window only, have its activity logged like any other analyst account, and be revoked at close. If not, we can work onsite.

Which maturity framework do you score against?

Our maturity scoring framework is based on the SOC-CMM (SOC Capability & Maturity Model, by Rob van Os) — an internationally recognised framework specifically designed for SOC assessment. We've supplemented it with India-specific dimensions covering CERT-In compliance, RBI CSF controls, and common gaps observed in Indian enterprise SOC environments across 40+ assessments.

Can you assess a SOC that is outsourced to an MSSP?

Yes. If your organisation has outsourced SOC operations to an MSSP, the assessment evaluates the MSSP's delivery quality from your perspective: alert triage SLA adherence, use-case coverage, escalation quality, and reporting outputs. We interview your internal stakeholders and review the MSSP's deliverables. This helps you decide whether to continue, renegotiate, or change your MSSP.

Will the assessment disrupt SOC operations?

No. The assessment is primarily document review, stakeholder interviews, and read-only SIEM analysis. There's no traffic generation, no rule modification, and no change to your production environment. The only operational impact is analyst interview time (typically 2–3 hours per analyst across the 4-week engagement).

What if we don't have a SIEM yet?

Yes, we can still assess you, though the scope shifts. Without a SIEM, the focus is on your current visibility, log collection practices, manual investigation processes, and incident response procedures. The outcome typically includes a SIEM platform recommendation and a prioritised roadmap for building detection capability — essentially scoping a SOC Build project (see our SOC Setup service).

Do we have to use Ogma to implement the roadmap?

No, that's entirely your choice. The assessment deliverables (roadmap, gap findings) can be used by your internal team, another vendor, or Ogma to implement improvements. Many customers engage Ogma for a follow-on SOC Build or Managed FortiSIEM engagement using the roadmap as the implementation plan, but there's no obligation — the assessment is a standalone engagement with complete, actionable outputs.

Know Exactly Where Your SOC Stands

Tell us your SIEM platform, approximate number of active rules, your compliance obligations, and your biggest current concern. We'll scope an assessment engagement and send you a proposal within 2 business days.