A structured process model to optimize detection capabilities in security operations centers (SOCs)

Adi Nugroho, Charles Lim, Heru Purnomo Ipung

Abstract

The security operations center (SOC) is essential for protecting organizational assets and maintaining operational continuity against rapidly changing cyber threats. Despite its significance, many SOCs build their detection capabilities without a systematic framework, which frequently results in inefficiencies and limited effectiveness. This paper presents a process model aimed at improving SOC detection capabilities by aligning them with business objectives, pertinent risks, and the evolving character of contemporary threats. The study includes an evaluation of current detection methodologies, using the MITRE ATT&CK framework and threat intelligence data to pinpoint relevant risks and detection gaps. A case study was performed at the XYZ Organization to evaluate current detection capabilities and implement the recommended process model. The model was validated through interviews with experts in the SOC field, confirming the credibility of the findings. The findings demonstrate that the model effectively helps SOCs align detection methods with organizational objectives, prioritize pertinent threats, and develop more targeted and adaptable detection capabilities. This research provides theoretical insights into SOC detection modeling and practical guidance for enterprises aiming to enhance their cybersecurity operations.

Keywords

Cyber threat detection; MITRE ATT&CK; Security operations center; SOC; SOC detection capability

DOI: http://doi.org/10.11591/ijeecs.v42.i2.pp518-530

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Indonesian Journal of Electrical Engineering and Computer Science (IJEECS)
p-ISSN: 2502-4752, e-ISSN: 2502-4760
This journal is published by the Institute of Advanced Engineering and Science (IAES).