1) what's possible to detect that your tech teams + business MDs care about
2) by implication what gaps exist with existing tech (coverage / config)
... then in with a chance.
2) To understand if the analytic can be better tuned to remove the trigger to 'go look at this'
And in turn once you've defined your detections and thoroughly investigated the best you can do with existing tech + config, you are in a much better position to know how best to change reality.
1) define top 5 things you would need to take action on if detected
2) define top 5 things you *can* take action on with detections you can build
3) define delta between the two + reasons for it
4) articulate how 'investigative' the actions you can take are