Incident Response Software Resources

How do you edit a template after it was created and saved? I'm sure if it is possible, but I hope it is

Looking at G2’s enterprise grid for incident response tools, a few names consistently stand out for bigger orgs. From reviews and data, here are the platforms that seem to rise to the top:

• Dynatrace: high satisfaction scores with one of the strongest market presence ratings. Enterprise reviewers highlight its deep observability and IR connection.
• KnowBe4 PhishER/PhishER Plus: strong satisfaction, often mentioned as a go-to for phishing incident response at scale.
• Resolver: reviewers consistently note its ease of use and strong reporting, which larger teams value for visibility and compliance.
• Palo Alto Cortex XSIAM: well-reviewed in the enterprise space, especially among orgs already invested in Palo Alto’s ecosystem.
• Tines: automation-first approach that enterprise security teams are using to reduce manual IR work.
• Datadog: while categorized as a contender, its market presence in enterprises is hard to ignore; many lean on it for monitoring + response in one place.

From the grid, Dynatrace looks like the clear leader in terms of overall score for large enterprises, with Resolver and KnowBe4 close behind depending on use case.

Curious to hear from others in enterprise environments — which platform is proving to be the most effective when incidents hit, and why?

I’ve been digging into G2’s small business grid for incident response and trying to figure out which tools actually make sense for SMB budgets. Based on reviews, data, and a bit of research, here’s what I’m seeing so far:

• KnowBe4 PhishER/PhishER Plus: strong adoption even at the SMB level, with high satisfaction scores. Feels like a straightforward pick for teams dealing with phishing incidents regularly.
• Datadog: huge market presence, though some reviews suggest it’s more monitoring-first, and you’d want to be careful with scope if cost is a priority.
• CYREBRO:  a lot of positive notes around centralized visibility and response without needing a massive security team.
• Torq: reviewers highlight flexibility and automation for small teams that want to build response workflows without heavy lifting.
• SpinOne: comes up in reviews as easy to deploy and particularly focused on SaaS incident management. Satisfaction ratings are strong, which could make it appealing for smaller teams.
• Cynet: positioned as a bundled approach that could reduce the need for multiple tools, which might help on cost efficiency.
• Wazuh (Open Source Security Platform): open source, which obviously keeps costs down, but reviewers point out it still requires time and expertise to set up and run effectively.

From what I’m seeing, CYREBRO and Torq seem to be gaining attention from SMBs that need fast setup without a giant budget. Wazuh is attractive if you’ve got the in-house skills to manage open source.

Curious if anyone here is running one of these day-to-day in a smaller environment — which ones actually feel affordable and manageable for an SMB team?