# Catalog quality scorecard

Auto-generated by `scripts/generate_scorecard.py`. Do not edit by hand.

## Methodology

Six dimensions are measured per category, normalised to 0–100, and
averaged with the following weights:

| Dimension | Weight | What it measures |
| --------- | ------ | ---------------- |
| Content depth | 20% | Average Gold Standard depth score (0–100) measuring operational completeness |
| References | 20% | % of UCs citing at least one external source |
| Provenance authority | 20% | Weighted average authority of citations (Splunk official = 1.0, community = 0.5, contributor = 0.2) |
| Freshness | 15% | Median age of the `Last reviewed` field (≤90d = 100, >2y = 20) |
| Known false positives | 10% | % of UCs with populated KFP guidance |
| MITRE ATT&CK coverage | 8% | % of security UCs tagged with ATT&CK technique IDs |
| Sample fixtures | 7% | % of UCs with a `samples/UC-<id>/` fixture |

Grades:

| Grade | Composite | Meaning |
| ----- | --------- | ------- |
| **Gold** | ≥ 85 | Production-ready, well-cited, well-documented |
| **Silver** | 70–84 | Solid content, minor gaps (e.g. KFP sparse) |
| **Bronze** | 55–69 | Usable but needs attention (reviews overdue, light citations) |
| **Needs work** | < 55 | Requires authoring effort before relying on it |

## Global rollup

- **Total UCs:** 6,565
- **Weighted composite score:** 70.6 — overall grade **Silver**

## Per-category scorecard

| Cat | Category | UCs | Depth | Refs | KFP | MITRE* | Fresh | Prov. | Samples | Composite | Grade |
| --- | -------- | --- | ----- | ---- | --- | ------ | ----- | ----- | ------- | --------- | ----- |
| 1 | Server & Compute | 275 | 37 | 100.0% | 97.5% | 0% | 17d | 100 | 1.8% | **72.4** | **Silver** |
| 2 | Virtualization | 176 | 37 | 100.0% | 100.0% | 34% | 9d | 85 | 29.5% | **74.2** | **Silver** |
| 3 | Containers & Orchestration | 129 | 37 | 100.0% | 100.0% | 56% | 7d | 92 | 0.8% | **75.3** | **Silver** |
| 4 | Cloud Infrastructure | 227 | 36 | 100.0% | 100.0% | 83% | — | 100 | 0.9% | **64.0** | **Bronze** |
| 5 | Network Infrastructure | 374 | 36 | 100.0% | 94.1% | 5% | 1d | 98 | 6.1% | **72.1** | **Silver** |
| 6 | Storage & Backup | 81 | 37 | 100.0% | 100.0% | 0% | — | 100 | 0.0% | **57.5** | **Bronze** |
| 7 | Database & Data Platforms | 122 | 36 | 100.0% | 100.0% | 0% | — | 100 | 0.0% | **57.3** | **Bronze** |
| 8 | Application Infrastructure | 106 | 37 | 100.0% | 100.0% | 0% | — | 100 | 0.0% | **57.4** | **Bronze** |
| 9 | Identity & Access Management | 104 | 37 | 100.0% | 100.0% | 84% | — | 100 | 1.0% | **64.2** | **Bronze** |
| 10 | Security Infrastructure | 2,409 | 28 | 100.0% | 100.0% | 85% | 9d | 88 | 0.3% | **74.9** | **Silver** |
| 11 | Email & Collaboration | 107 | 37 | 100.0% | 100.0% | 0% | — | 100 | 0.0% | **57.4** | **Bronze** |
| 12 | DevOps & CI/CD | 88 | 37 | 100.0% | 100.0% | 0% | — | 100 | 1.1% | **57.4** | **Bronze** |
| 13 | Observability & Monitoring Stack | 143 | 36 | 100.0% | 100.0% | 10% | 7d | 100 | 0.7% | **73.1** | **Silver** |
| 14 | IoT & Operational Technology (OT) | 230 | 36 | 100.0% | 100.0% | 0% | — | 100 | 0.0% | **57.3** | **Bronze** |
| 15 | Data Center Physical Infrastructure | 81 | 37 | 100.0% | 100.0% | 0% | — | 100 | 0.0% | **57.4** | **Bronze** |
| 16 | Service Management & ITSM | 81 | 37 | 100.0% | 100.0% | 0% | — | 100 | 0.0% | **57.4** | **Bronze** |
| 17 | Network Security & Zero Trust | 105 | 38 | 100.0% | 100.0% | 92% | — | 100 | 0.0% | **65.0** | **Bronze** |
| 18 | Data Center Fabric & SDN | 76 | 37 | 100.0% | 100.0% | 52% | 4d | 100 | 0.0% | **76.6** | **Silver** |
| 19 | Compute Infrastructure (HCI & Converged) | 72 | 37 | 100.0% | 100.0% | 25% | 8d | 100 | 0.0% | **74.4** | **Silver** |
| 20 | Cost & Capacity Management | 77 | 37 | 100.0% | 100.0% | 0% | 7d | 100 | 0.0% | **72.4** | **Silver** |
| 21 | Industry Verticals | 129 | 36 | 100.0% | 100.0% | 0% | — | 100 | 0.0% | **57.3** | **Bronze** |
| 22 | Regulatory and Compliance Frameworks | 1,310 | 35 | 100.0% | 100.0% | 10% | 11d | 98 | 0.0% | **72.2** | **Silver** |
| 23 | Business Analytics & Executive Intelligence | 63 | 37 | 100.0% | 100.0% | 0% | 5d | 100 | 0.0% | **72.5** | **Silver** |

\* MITRE coverage counts only UCs whose `pillar` is `security` or `both`.

## Grade distribution

| Grade | Categories | Total UCs |
| ----- | ---------- | --------- |
| **Gold** | 0 | 0 |
| **Silver** | 11 | 5,104 |
| **Bronze** | 12 | 1,461 |
| **Needs work** | 0 | 0 |

## How to improve a score

- **Low refs %**: add citations to `References:` using the official Splunk / vendor docs already referenced by sibling UCs.
- **Low KFP %**: add a `Known false positives` section — usually 1–2 sentences describing the most common benign trigger.
- **Stale freshness**: touch the `Last reviewed` field after a quick sanity check of the SPL; update when Splunk / vendor APIs change.
- **Low provenance authority**: swap community blog links for the upstream official doc where available.
- **Low MITRE %**: tag security UCs with the ATT&CK technique ID they detect (T1078, T1059, etc.).
- **Low sample coverage**: add a fixture under `samples/UC-<id>/` — see `samples/README.md` for the schema.