DFLabs’ Integration Partners

As we continue to develop our IncMan Security Orchestration, Automation and Response (SOAR) platform, one of DFLabs’ main goals is to enable an ever-more streamlined and effective integration with third-party security technologies, in an effort to leverage their capabilities towards creating the most comprehensive and efficient security system possible.

Currently, IncMan supports hundreds of third-party security technologies via QIC, API, CEF, Syslog, and Email, with a constantly growing list of certified bidirectional integrations.

BMC Remedy

Complete service management platform that combines ITIL® best-practices and intuitive self-service to enable smarter service delivery.

Carbon Black Defense

Next generation antivirus, streaming defense with AV machine learning capabilities.

Carbon Black Response

Highly scalable, real-time EDR with unfiltered visibility for top security operations centers and incident response teams.

Cisco ThreatGrid

Advanced sandboxing with threat intelligence aimed at detecting malware.

Cisco Umbrella

Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

Cisco Umbrella Investigate

Adds a complete view of the relationships and evolution of domains, IPs, autonomous systems (ASNs), and file hashes.

Crowdstrike Falcon

Cloud-delivered endpoint protection. It both delivers and unifies IT Hygiene, next-generation antivirus, endpoint detection and response (EDR), managed threat hunting, and threat intelligence — all delivered via a single lightweight agent.

Cuckoo Sandbox

Open-source automated malware analysis system, providing a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.


Electronic Mail (email or e-mail) is a method of exchanging messages (“mail”) between people using electronic devices.

EnCase Forensics

Complete forensics and evidence management. It collects data, performs analysis, reports on findings and preserves them in a court validated, forensically sound format.


Google Maps geolocation API

Hacker Target

Delivers advancements in machine learning, with massive scale and speed for data analytics, monitoring and alerting.


Comprehensive issue tracking and ticket management system.


The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories.

McAfee ADT

Unlike traditional sandboxes, MacAfee ADT includes additional inspection capabilities that broaden detection and expose evasive threats. Tight integration between security solutions—from network and endpoint to investigation—enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.

McAfee ePO

Security management software for systems, networks, data, and compliance solutions.

McAfee TIE

Combine threat information sources. Leveraging the Data Exchange Layer (DXL), instantly share threat data to all of your connected security systems, including third-party systems. McAfee Threat Intelligence Exchange provides adaptive threat detection on unknown files, resulting in faster time to protection and lower costs. Broader, collective threat intelligence makes accurate file execution decisions and customizes policies based on your risk tolerance level.

McAfee Web Gateway

Sharing critical security information between security platforms

Microsoft Active Directory

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. The directory is designed to handle a large number of read and search operations and a significantly smaller number of changes and updates. Active Directory data is hierarchical, replicated, and extensible.

Microsoft SQL Server

SQL-based relational database management system designed for use in corporate applications, both on premises and in the cloud.

MISP Threat Sharing

A platform for sharing, storing and correlating Indicators of Compromises of targeted attacks and threats.


The most comprehensive set of advanced features, management tools and technical support to achieve the highest levels of MySQL scalability, security, reliability, and uptime.


The STIX indicator’s test mechanism field is an extensive alternative to providing an indicator signature in something other than CybOX (open indicators of compromize, open vulnerability, and assessment language), SNORT rules and YARA rules are supported as default extensions to test that mechanism field.

OpenText Encase

A 360-degree visibility across all endpoints, devices and networks to enable discreet, forensically-sound data collection for litigation and investigations.

Palo Alto NGFW

Next-generation firewall classifies all traffic, including encrypted traffic, based on application, application function, user and content.

Palo Alto Wildfire

Cloud based threat analysis dynamic Machine learning, bare metal analysis for Malware, zero day exploits.

Palo Alto Panorama

Network security management simplifying management tasks while delivering comprehensive controls and deep visibility into network-wide traffic and security threats.


General-purpose programming language, mostly used for system administration, web development, network programming, and GUI development.


PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads.


General-purpose programming language that lets you work quickly and integrate systems more effectively.


Consolidation of log source event data from thousands of device endpoints and applications distributed throughout a network.

Recorded Future

Universal threat Intelligence solution. Using unique technology, it automatically serves up relevant insights in real time and at an unparalleled scale.

Screenshot Machine

Online screenshot rendering. Whatever you need to get a full length screenshot of or thumbnail, you got it.


Automation of investigations, including quick and effective collection of data. Delivering advancements in machine learning, with massive scale and speed for data analytics, monitoring and alerting.

STIX integration partner logo


Structured Threat Information Expression (STIX) is a structured language for describing cyber threat information, so it can be shared, stored and analyzed in a consistent manner.


Syslog is used for system management and security auditing, as well as general informational, analysis, and debugging messages.


Intelligence-driven orchestration, threat intelligence platform, and security operations and analytics platform.


Analyzing suspicious files and URLs to detect types of malware including viruses, worms, and Trojans.


This protocol stores and delivers database content in a human-readable format, and is used look up domains, people and other resources related to domain and number registrations.

If you are interested in a potential integration of your security technology with our IncMan platform, please feel free to contact us.