DFLabs’ Integration Partners

As we continue to develop our IncMan Security Orchestration, Automation and Response (SOAR) platform, one of DFLabs’ main goals is to enable an ever-more streamlined and effective integration with third-party security technologies, in an effort to leverage their capabilities towards creating the most comprehensive and efficient security system possible.

Currently, IncMan supports hundreds of third-party security technologies via QIC, API, CEF, Syslog, and Email, with a constantly growing list of certified bidirectional integrations.

BMC Remedy

Comprehensive IT service management.


Carbon Black Defense

Next generation antivirus, streaming defense with AV machine learning capabilities.

Carbon Black Response

Аdvanced endpoint detection and response.

Cisco ThreatGrid

Advanced sandboxing with threat intelligence to detect malware.

Cisco Umbrella

Cloud-based security Internet gateway.

Cisco Umbrella Investigate

Advanced intelligence and reputation data for domains, IP addresses and ASNs.

Crowdstrike Falcon

Advanced endpoint detection and response.

Cuckoo Sandbox

Open source automated malware analysis platform


Electronic Mail (email or e-mail) is a method of exchanging messages (“mail”) between people using electronic devices.

EnCase Forensics

For complete forensics and evidence management.


Google Maps geolocation API

Hacker Target

For trusted vulnerability scanning.


For comprehensive ticket management.


To connect, search and modify Internet directories.

McAfee ADT

To detect advanced, evasive malware.

McAfee ePO

Security management software for systems, networks, data, and compliance solutions.

McAfee TIE

Combines threat information sources to provide adaptive threat detection.

McAfee Web Gateway

To share critical security information between security platforms.

Microsoft Active Directory

Query Active Directory for users, computers and other objects in real time.

Microsoft SQL Server

SQL-based relational database management system.

MISP Threat Sharing

For malware threat information sharing.


To gather rich information by running SQL queries.


The STIX indicator’s test mechanism field is an extensive alternative to providing an indicator signature in something other than CybOX (open indicators of compromize, open vulnerability, and assessment language), SNORT rules and YARA rules are supported as default extensions to test that mechanism field.

OpenText Encase

A 360-degree visibility across all endpoints, devices and networks to enable discreet, forensically-sound data collection for litigation and investigations.

Palo Alto NGFW

Next-generation firewall classifies all traffic, including encrypted traffic, based on application, application function, user and content.

Palo Alto Wildfire

Cloud based threat analysis dynamic Machine learning, bare metal analysis for Malware, zero day exploits.

Palo Alto Panorama

Network security management simplifying management tasks while delivering comprehensive controls and deep visibility into network-wide traffic and security threats.


General-purpose programming language, mostly used for system administration, web development, network programming, and GUI development.


PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads.


General-purpose programming language that lets you work quickly and integrate systems more effectively.


Consolidation of log source event data from thousands of device endpoints and applications distributed throughout a network.

Recorded Future

Universal threat Intelligence solution. Using unique technology, it automatically serves up relevant insights in real time and at an unparalleled scale.

Screenshot Machine

Online screenshot rendering. Whatever you need to get a full length screenshot of or thumbnail, you got it.


Automation of investigations, including quick and effective collection of data. Delivering advancements in machine learning, with massive scale and speed for data analytics, monitoring and alerting.

STIX integration partner logo


Structured Threat Information Expression (STIX) is a structured language for describing cyber threat information, so it can be shared, stored and analyzed in a consistent manner.


Syslog is used for system management and security auditing, as well as general informational, analysis, and debugging messages.


Intelligence-driven orchestration, threat intelligence platform, and security operations and analytics platform.


Analyzing suspicious files and URLs to detect types of malware including viruses, worms, and Trojans.


This protocol stores and delivers database content in a human-readable format, and is used look up domains, people and other resources related to domain and number registrations.

If you are interested in a potential integration of your security technology with our IncMan platform, please feel free to contact us.