Risky Context
May 18, 2025 at 06:09 PM
Time to share the article below with your SOC vendor and confirm whether: 1. alerts are configured to detect each type of attack mentioned, 2. threat hunting is carried out with these attacks as hypotheses, and 3. the outcomes of points 1 and 2 are reported in periodic status calls. For a regulated entity in India (such as a bank), outsourcing an activity doesn't absolve the entity of its responsibility. Regulators expect, and check, the depth of the entity's oversight of its vendor. Good article, worth reading and acting upon. https://vincent03dinh.wordpress.com/2025/04/24/active-directory-detection-engineering-notes/