Maturity Model¶

5-stage threat detection & response maturity¶

Level	Detection	Response	Offensive Testing
1 - Initial	Ad-hoc alerts, no ATT&CK mapping	Manual processes	Annual penetration test
2 - Developing	Basic ATT&CK coverage (<50%)	Playbooks for critical TTPs	Quarterly Red Team exercises
3 - Defined	70% ATT&CK coverage, automated alerts	SOC integrates threat intel	Monthly Purple Team collaboration
4 - Measured	≥90% coverage, MTTD <30min	Automated containment for known TTPs	Continuous emulation + feedback
5 - Optimizing	Predictive analytics (AI/ML)	Self-healing systems	Red Team emulates advanced APTs