
Besides Security IR tracking & workflow that is available in SIEM platforms, what are other tools that can do this, such as standalone products like ServiceNow SIR or Everbridge xMatters? I found Resolver and RTIR but don't know anything about either. Any others? Thoughts on these tools or others in terms of effectiveness and vendor support?

I recently found that Splunk Enterprise Security does not support a least privilege model and that anyone that has access to incidents can view all incidents. I am looking for a solution that is more granular and can be siloed to smaller teams.

My search through older posts

  • This post is a bit outdated and some of the tools no longer exist (or at least the links are broken):

Security Operation Center (SOC)

  • This post was answered with obsolete tools:

Enterprise security incident response and detection

  • Unfortunately, questions asking for products/services are now off-topic, because, as you've seen, they don't age well.
    – schroeder
    Commented Dec 8, 2023 at 16:03
