Hi @Colloh, what a great question you’ve asked here! This is exactly the kind of best practice conversation we love to see in the Community. Just to clarify, SOC in this context refers to your Security Operations Center - is that correct?
I’ll take this back to our team and see if others have any advice I can share with you, and I hope other members of the Community and Duo admins weigh in as well!
Kind of related - we have a free course on Duo Trust Monitor available on our learning management system, Duo Level Up. The content it covers seems super relevant to your question, so you might want to explore that and check it out.