SIEM (Security Information and Event Management)
- Splunk
- IBM QRadar
- Microsoft Sentinel
- LogRhythm
- Elastic (Elastic SIEM)
- ArcSight
- AT&T Cybersecurity (AlienVault USM)
SOAR (Security Orchestration, Automation and Response)
- Palo Alto Networks (Cortex XSOAR)
- Splunk (Splunk SOAR)
- IBM (Resilient)
- Swimlane
- DFLabs (IncMan)
- Google (Siemplify)
EDR / XDR
- CrowdStrike (Falcon)
- SentinelOne
- VMware (Carbon Black)
- Microsoft (Defender for Endpoint)
- Sophos (Intercept X)
- Trend Micro (Apex One)
NDR / Network Monitoring
- Zeek
- Suricata
- Snort
- Security Onion
- Wireshark
- TShark
Threat Intelligence Platforms (TIP)
- MISP
- Recorded Future
- Anomali
- ThreatConnect
- IBM (X-Force Exchange)
- AlienVault OTX
UEBA (User and Entity Behavior Analytics)
- Exabeam
- Securonix
- LogRhythm (UEBA)
- Microsoft (Sentinel UEBA)
Vulnerability Management
- Tenable (Nessus)
- Qualys
- Rapid7 (InsightVM, Nexpose)
- OpenVAS
Digital Forensics and Incident Response (DFIR)
- Autopsy
- Volatility
- FTK Imager
- Magnet AXIOM
- Rekall
- Velociraptor
- GRR Rapid Response
Ticketing / Case Management
- ServiceNow (Security Operations)
- Atlassian (Jira)
- ManageEngine (ServiceDesk)
Email Security
- Proofpoint
- Mimecast
- Microsoft (Defender for Office 365)
Firewall / NGFW
- Palo Alto Networks
- Cisco (Firepower)
- Fortinet (FortiGate)
- Check Point
Cloud Security
- Microsoft (Defender for Cloud)
- Amazon Web Services (GuardDuty, Security Hub)
- Google Cloud (Security Command Center)
- Wiz
- Orca Security
