Red team operations that expose SIEM gaps, harden detection rules, and build real-time response capability.