Not sure if I posted in the best area, so please bare with me.
I have been tasked with finding some options for Incident Handling Automation/Orchestration tools for our SOC. I have no experience with these sort of tools and don't want to end up settling for something that's sub-par. I've had a few vendor presentations already and so far IBM's Resilient is taking the lead, but before I make my decision, I'd like to ask you guys for any other suggestions. Prefer to get some non-biased info instead of relying on their sites which always claim to be "the best." Environment is around 50K+ endpoints.
I did a market review on Security Orchestration, Automation and Response Tools and can recommend the following:
Also be advised that there is a new GARTNER report due soon: https://blogs.gartner.com/anton-chuvakin/2017/09/13/soar-research-coming-brace-for-impact/
I recently started using a new platform from LogicHub to automate SOC playbooks. I wrote a playbook to automate IOC's received from Google for GSuite Suspicious login alerts. I recommend the platform for SOC automation. We utilized SumoLogic as log aggregation and integrated Twilio for alerts and two way SMS communication. LogicHub has a growing list of integrations that are easy to use. SumoLogic has a list of existing API integrations that make integrated and triggering SIEM events relatively easy. With Sumo we also utilized CrowdStrike to score IP's.