u/YellOBrinjal

Must-have tools for handling a cybersecurity incident?

Hey all, I'm the sole IT person for a company with around 45 employees, and I'm trying to put together a solid set of tools (open-source or paid) to use during a cybersecurity incident.

I'm not just looking at prevention, but specifically at tools that help during an active breach: things like detecting threats/breaches, investigating compromised endpoints or network activity, analyzing logs/traffic, isolating systems, and actually responding/remediating. We do have an incident response plan, but without an active toolset during a live scenario, the plan doesn't mean much.

Any suggestions?

u/YellOBrinjal — 1 day ago