We are currently working on our SOAR research, as Anton has extensively blogged about. SOAR tools have been used to help organizations triage and respond to the deluge of alerts coming from tools such as SIEM and UEBA. Although this is sometimes seen as the earlier stages of incident response, I’ve been increasingly seeing it as a way to implement “multi-stage threat detection”.
From my Gartner Blog - Threat Detection Is A…