What do you like best?
The ability to custom code the interface any way we like; we are able to create effective tasks, and intake is good. The ability to plug in to our primary intakes such as Splunk. The ability to automate processes and procedures with Phantom integration. Although intensive to set up, it is highly customizable. API integration with other products and good reporting will allow us to achieve our goals.
What do you dislike?
There does not appear to be any way of changing some of the default fields. The task-based system is OK, but we would like the ability to create custom frames that, when clicked, would allow an analyst to move on in the task list. The interface can be very overwhelming for a junior analyst, even when we strip out a lot of content.
Recommendations to others considering the product
Plan properly before deployment; I cannot stress this enough. If you do not know what you want the product to do for you, it will be significantly harder to create the right dashboards and intakes.
What business problems are you solving with the product? What benefits have you realized?
Moving to a single-pane-of-glass implementation will help us respond faster, gather better metrics, and get an overall better feel of the types of incidents our staff have to deal with on a daily basis. We realize a huge benefit over our existing system, as we did not have good metadata during incident response. Resilient has allowed us to capture this info better.