I’ve been trying to sort out which incident response platforms actually play nice with SIEMs instead of living in their own silo. Ideally, I’d like a platform that can centralize everything, tie into existing monitoring, and make playbooks easier to execute. Looking at G2’s grid, here are a few that stand out:
- KnowBe4 PhishER/PhishER Plus: very strong in phishing incident handling, with some broader alerting support, but less frequently cited for deep SIEM integrations outside email-focused workflows.
- Dynatrace: big on observability, seems like a natural fit for connecting incidents with monitoring/SIEM data.
- Datadog: already strong on monitoring, so curious how well it ties incident workflows back to SIEM alerts.
- Tines: automation-first, reviewers often call out how it pulls alerts from SIEMs and kicks off playbooks.
- Torq: similar space as Tines, pitched as flexible workflows that sit on top of existing tools.
- Cynet: markets itself as consolidated, so wondering how well it plugs into SIEM data.
- ServiceNow Security Operations: seems popular in enterprises for tying IR workflows into the rest of the IT stack.
- Palo Alto Cortex XSIAM: built for SOC workflows, integrates well with Palo Alto’s own ecosystem and can tie into SIEMs.
- IBM Instana: positioned more on observability but curious about how well it integrates with existing SIEM tools.
- CYREBRO: comes up as a centralized hub, could be useful for pulling in SIEM alerts.

From what I can tell, Tines, Torq, and ServiceNow are the ones most people mention for SIEM integrations, but I’d love to hear firsthand experiences.
Anyone here using these day-to-day with Splunk, Sentinel, or another SIEM? Which platform actually makes the handoff smooth instead of adding more noise?