If you are not performing tabletop exercises to test how your SOC responds to various types of events, you need to start. How else would you know how effective your processes are, short of living through a real-world situation? That is not when you want to find out the answer to that question.
You can find templates for performing tabletop exercises online, but another recommended approach is to build and test your tabletops around real-world threat behavior. To that end, check out the MITRE ATT&CK Evaluations library found HERE. You can pull up behavior profiles of threat actors and build your exercises around how they launch attacks. If you haven't seen it, check it out.