This control plane turns SecOps coverage data into one buyer-readable surface: telemetry health, control coverage, automation readiness, stale incidents, and the response packets needed before SOC drift, audits, or trust posture slip.
| Gap | Owner | Subject | Principal | Message |
|---|---|---|---|---|
| high identity-gap |
Identity Detection Engineering | Privileged access analytics Global SecOps control plane |
global-admins@kineticgain.com | Identity detection coverage around "Privileged access analytics" still needs confirmation before the SecOps lane can call posture healthy. |
| high cloud-gap |
Incident Automation | Phishing incident playbook EMEA workforce collaboration |
— | Cloud, SaaS, or collaboration coverage for "Phishing incident playbook" remains incomplete and may leave the response lane blind to pivots. |
| high automation-gap |
Incident Automation | Phishing incident playbook EMEA workforce collaboration |
— | Incident automation around "Phishing incident playbook" is still missing enough playbook proof for response confidence. |
| high cloud-gap |
Detection Engineering | Cloud correlation incident queue Global SecOps control plane |
— | Cloud, SaaS, or collaboration coverage for "Cloud correlation incident queue" remains incomplete and may leave the response lane blind to pivots. |
| high automation-gap |
Incident Automation | Cloud correlation incident queue Global SecOps control plane |
— | Incident automation around "Cloud correlation incident queue" is still missing enough playbook proof for response confidence. |
| medium telemetry-gap |
Detection Engineering | Detection Engineering EMEA workforce collaboration |
— | Collaboration telemetry surface in EMEA workforce collaboration is degraded and not carrying healthy telemetry coverage. |
| medium automation-gap |
Detection Engineering | Detection Engineering EMEA workforce collaboration |
— | Collaboration telemetry surface in EMEA workforce collaboration is missing healthy incident-playbook automation coverage. |
| medium stale-active-gap |
Identity Detection Engineering | Privileged access analytics Global SecOps control plane |
— | Gap "Privileged access anomaly coverage is missing an approved containment owner" has remained active since 2026-05-26T10:35Z. |
| medium endpoint-gap |
Security Platform | Endpoint telemetry connector Global SecOps control plane |
— | Endpoint detection coverage for "Endpoint telemetry connector" remains incomplete and needs a tighter containment path. |
| medium stale-active-gap |
Security Platform | Endpoint telemetry connector Global SecOps control plane |
— | Gap "Server telemetry connector drift on finance reporting nodes" has remained active since 2026-05-25T21:00Z. |
| medium cloud-gap |
Detection Engineering | Collaboration audit connector EMEA workforce collaboration |
— | Cloud, SaaS, or collaboration coverage for "Collaboration audit connector" remains incomplete and may leave the response lane blind to pivots. |
| medium stale-active-gap |
Detection Engineering | Collaboration audit connector EMEA workforce collaboration |
— | Gap "Collaboration audit connector is not ingesting enough detection events" has remained active since 2026-05-24T22:40Z. |
| medium stale-active-gap |
Incident Automation | Phishing incident playbook EMEA workforce collaboration |
— | Gap "Incident playbook is incomplete for high-confidence phishing detections" has remained active since 2026-05-24T09:15Z. |
| medium high-severity-unassigned |
Incident Automation | Cloud correlation incident queue Global SecOps control plane |
— | High-severity gap "Cloud correlation queue remains active without verified closure" still has no assigned owner. |
| medium stale-active-gap |
Incident Automation | Cloud correlation incident queue Global SecOps control plane |
— | Gap "Cloud correlation queue remains active without verified closure" has remained active since 2026-05-23T12:20Z. |