80% of cyber-incidents worldwide are not detected and the root cause often remains unknown. Existing AI-driven anomaly detection methods for cybersecurity, such as the SOAR platform, have no explanation capability. Without any meaningful explanation to experts, identifying the root cause of cyber threat detection can take too much time and endanger outstanding internal and external infrastructures. We will integrate explanation strategies, e.g. to show the reasons for suspicion, with direct impacts on cybersecurity network operations centres and their customers. Depending on the qualitative impact, BTF will apply the definition of new standards in cyber SOC within the European Telecommunications Standards Institute (ETSI) Information Security Indicators group.