---
title: Detection Engineering Coverage Evaluation — Invoked Exchange skill
description: Automates the end-to-end detection engineering workflow in Google SecOps using MCP tools. Use when fetching threat intelligence from blogs, generating Threat Detection Opportunities (TDOs), simulating attacker behavior with synthetic UDM events, evaluating rule coverage, and generating new YARA-L 2.0 rules to close coverage gaps. Don't use when asked to perform threat hunting actions, and SOC investigative actions.
doc_version: "1.0"
last_updated: "2026-06-29T08:40:40.210Z"
canonical: https://invoked.ai/skills/detection_engineering_coverage_evaluation
---

# Detection Engineering Coverage Evaluation

Automates the end-to-end detection engineering workflow in Google SecOps using MCP tools. Use when fetching threat intelligence from blogs, generating Threat Detection Opportunities (TDOs), simulating attacker behavior with synthetic UDM events, evaluating rule coverage, and generating new YARA-L 2.0 rules to close coverage gaps. Don't use when asked to perform threat hunting actions, and SOC investigative actions.

- Shared by: google/skills
- Composes surfaces: 
- Tool chain: 
- Add to Invoked: https://invoked.ai/skills/detection_engineering_coverage_evaluation

## Community usage

_Building — published once enough workspaces have run this skill._

## Sitemap

See the full [Exchange sitemap](https://invoked.ai/sitemap.md).