Like the title says. My boss is very excited by the new tool (Demisto), and I've been tasked with setting up all of our integrations, but I have no idea where to start. I'm pretty good with Python, so I'm not super concerned with the actual tech work, it's more about what products/use cases I should be preparing. She's also asked me to evaluate "best of breed" alternatives to our current tools based on what use cases we're setting the SOAR up for (e.g. we have Qualys today, but maybe Tanium works better w/ Demisto).
Any advice? What do you have plugged into your SOAR?
If for opsec reasons you don't want to give brands, categories are fine… I just need to know where to start.