MTTD / MTTR

Definition

Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR): the two primary operational KPIs for a SOC. MTTD measures the gap between a compromise occurring and an alert firing; MTTR measures the gap between that alert and containment. Both are shortened by tight integration between the SOC's tools, so that detections flow into triage and response without manual hand-offs.

Related terms

EDR (Endpoint Detection and Response)
An agent-based security tool deployed on individual endpoints (workstations, servers, mobile devices) that monitors process execution, file changes, network connections, and registry...
SIEM (Security Information and Event Management)
A platform that aggregates log and event data from systems, networks, and applications across an environment, correlates events against detection rules, generates...
SOAR (Security Orchestration, Automation, and Response)
A platform that receives alerts from the SIEM and other sources, executes automated playbooks to enrich and triage them, and integrates with...
STIX / TAXII
Structured Threat Information eXpression (STIX) is a standardised language for describing threat intelligence objects. Trusted Automated eXchange of Intelligence Information (TAXII) is...
Threat Intelligence Platform (TIP)
A system that ingests indicator feeds from external providers and internal sources, deduplicates and scores them, and exports curated indicators of compromise...

Explained in

  • SOC Tooling and the SIEM
