IncMan SOAR Overview

DFLabs' Security Orchestration, Automation and Response Platform.

DFLabs IncMan SOAR is the only Security Orchestration, Automation and Response (SOAR) platform capable of full incident lifecycle automation, which includes built-in, automated threat intelligence gathering, risk assessment, triage and notification, context enrichment, hunting and investigation, threat containment and more.

This feature-rich, unique and scalable SOAR platform provides context to security incidents, automates actions and orchestrates response activities, while enabling full reporting and measurement functionality across all stakeholders.

Detect, respond to and remediate all security incidents fast, before they impact your organization.

Key Features & Capabilities.

The DFLabs Difference


  • Automation & Orchestration
  • Hunting & Investigation
  • Incident Management
  • Flexible Integrations & Event Parsing
  • Forensic Evidence Management
  • Reporting & KPIs
  • Knowledge Transfer & Machine Learning
  • Community Portal & Community Edition

Dual-Mode R3 Rapid Response Runbooks & Playbooks

Reduce the time from incident discovery to containment from hours to seconds with DFLabs R3 Rapid Response Runbooks. Fully automate the triage, investigation and containment of threats using complex, stateful and conditional decision logic with 100+ out-of-the-box automation actions.

Used in conjunction with customizable Playbooks, Runbooks provide organizations with linear checklists of the steps and actions required to respond successfully to specific incident types and threats, and to meet regulatory frameworks including NIST, GDPR and ISO standards.

These are complemented by dual-mode action capabilities: fully and semi-automated actions give security administrators the ability to determine the appropriate amount of automation at every stage of the response process, with the final decision taken by a human analyst where required.

Observables Hunter & Correlation Engine with Threat Intelligence Capabilities

Gain complete visibility of your organization’s threat landscape, with all data recorded, correlated and accessible in a single solution, so security teams can analyze and respond to alerts in real time.

Data gathered from previous incidents provides analysts with an invaluable resource, transforming previous indicators and actions into actionable threat intelligence to inform future decisions and responses.

Analysts can investigate indicators of compromise (IoCs), add context and perform an efficient and effective response using a dynamic and actionable investigation interface. Executing ad-hoc automation actions directly from IncMan SOAR’s Observables Investigator enables faster response, and its Correlation Engine makes it easy to visualize relationships between incidents.

Holistic Incident Management for the Entire Response Lifecycle

Collaboratively manage complex incidents across a range of stakeholders through IncMan SOAR’s variety of incident management features. Orchestrate technology, people and processes by managing tasks, tracking indicators and intelligence, conducting notifications, interacting with third-party tools and maintaining a complete audit log of incident activity throughout every incident.

IncMan SOAR’s complete customizability makes it the ideal solution for managing a wide variety of incidents, including any type of cyber incident as well as non-cyber use cases such as financial fraud and physical security incidents. Create incidents manually, or automatically through any one of the growing number of data ingestion sources, to begin response and mitigation before an analyst even puts hands on the case.

Over 100 Customizable Automation Actions & a Flexible Framework

Automate and orchestrate actions in third-party solutions across a wide variety of security and IT product spaces with over 45 certified bidirectional connectors and over 100 built-in automation actions.

Extend existing integrations or build completely new ones with DFLabs’ Open Integration Framework, which gives users the flexibility to define integrations using an open, easy-to-implement, text-based framework.

DFLabs’ user-defined and hybrid integrations function seamlessly to automate and orchestrate actions across any combination of solutions. Ingest events from any source using IncMan SOAR’s customizable email and syslog parsers, as well as the robust REST API. Accelerate time to value without the need for expensive professional services.

Full Chain of Custody Handling & Forensic Duplicator Integrations

Documenting evidence and tracking chain of custody is an important process in an investigation of any size. IncMan SOAR allows investigators to track evidence with ease, from servers and workstations to forensic images and logical evidence. Support for eDiscovery practices makes documenting complex eDiscovery cases an integrated part of the process.

The ability to track chain of custody of all evidence within the solution ensures the integrity and admissibility of the evidence. IncMan SOAR’s integration with the most popular forensic solutions enables all pertinent information to be stored and documented in a single location and immediately shared with all relevant stakeholders.

Role-based KPI Dashboards & Comprehensive Reporting Library

Measure, benchmark and optimize security operations and incident response activities and performance. IncMan SOAR’s customizable dashboards and widgets display a range of KPIs and metrics utilizing its integrated reporting engines and templates.

Over 140 KPI reports readily available for operational performance, incidents, threats and regulatory compliance allow organizations to immediately begin measuring every aspect of the security program.

Comprehensive incident metrics measure every phase of the incident response process for optimization, benchmarking and SLA calculation, while threat and incident data can be visualized and analyzed to enable threat hunting and advanced data analysis at all stakeholder levels.

Automated Responder Knowledge (ARK) & the Knowledge Base Module

Our patent-pending Automated Responder Knowledge (ARK) engine applies machine learning, comparing actions from previous incidents against hundreds of incident attributes to recommend relevant playbooks and actions that effectively and efficiently manage and mitigate future incidents. Knowledge gained by ARK through previous responses is automatically transferred to analysts and responders, ensuring a consistent and repeatable response.

IncMan SOAR’s Knowledge Base module can be maintained internally, managed and updated by DFLabs’ dedicated research team, or a combination of both, providing teams with the actionable knowledge required to conduct a consistent response across a wide variety of events and to demonstrate compliance with state, federal and international breach regulations. The subscription to DFLabs’ Knowledge Base repository includes references to threat catalogs, frameworks, standards, regulations and more.

The extensive knowledge codified through these features remains with the organization, regardless of employee turnover, allowing new or junior analysts to become effective members of the team as quickly as possible.

DFLabs Community Portal & IncMan SOAR Community Edition

Our Community Portal serves as a hub for customers and partners, where they can access the latest information and first-hand support, as well as share knowledge and integrations. Key features and highlights of the Portal include:

  • Community Forums
  • Searchable Knowledge Base and FAQs
  • Latest Files and Documentation
  • DFLabs’ Framework Integrations
  • Instant Access to DFLabs Support
  • IncMan SOAR Community Edition

The IncMan SOAR Community Edition (IncMan CE) is a free version of our award-winning SOAR platform that allows organizations to test and experience the benefits of automated incident response.

IncMan CE is a nearly full-featured version of IncMan SOAR that provides integration with third-party security tools and access to DFLabs’ patent-pending R3 Rapid Response Runbooks for unattended automation of repetitive security alert processing and assessment tasks. IncMan CE is available to qualified users, including educational institutes, research groups and organizations interested in evaluating IncMan SOAR for purchase, who can access and test many of the features and capabilities of the full IncMan SOAR solution in pre-production environments.

Platform at a Glance.

Screenshots:

  • Dashboard showing Incident Statistics
  • Incident Playbook for General Malware
  • Incident Rapid Response Runbook for SQL Injection
  • Summary of Incident Details

Seamlessly Integrate and Orchestrate Your Tools Together as One.

Improve efficiencies by enabling your security analysts to access and manage all tools, technologies and processes from one intuitive platform.

IncMan SOAR supports hundreds of third-party security technologies via QIC, API, CEF, Syslog and Email, with a constantly growing list of certified bidirectional integrations and an Open Integration Framework for custom integrations.


Explore IncMan SOAR with Our Community Edition

See the features and capabilities of our SOAR solution and experience first-hand the benefits of automated incident response with IncMan CE.

Test Drive IncMan SOAR Today.


Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.
