Managing the unknown unknowns is a continual challenge for security operations teams. How do you know when you have a monitoring blind spot, and will the threat find it before you do? Security teams must monitor/measure log health, coverage, and maturity. Too often, security teams discover these blind spots after an attack occurs. Investigating security incidents without logs presents significant challenges. Log sources feeding primary SecOps monitoring use cases must have equal or better Service Level Agreements (SLA) than respective use cases. For example, a SecOps monitoring use case for ransomware within 15-minute response SLAs must equal or better log health response as conflicts will greatly reduce response times.