Key Features & Capabilities.
The DFLabs Difference
DFLabs IncMan SOAR is the only Security Orchestration, Automation and Response (SOAR) platform capable of full incident lifecycle automation, which includes built-in, automated threat intelligence gathering, risk assessment, triage and notification, context enrichment, hunting and investigating, threat containment and more.
This feature-rich, unique and scalable SOAR platform provides context to security incidents, automates actions and orchestrates response activities, while enabling full reporting and measurement functionality across all stakeholders.
Detect, respond to and remediate all security incidents fast, before they impact your organization.
Reduce the time from incident discovery to containment from hours to seconds with DFLabs R3 Rapid Response Runbooks. Fully automate the triage, investigation and containment of threats using complex, stateful and conditional logical decision making with 100+ out of the box automation actions.
Used in conjunction with customizable Playbooks, the Runbooks give organizations linear checklists of the steps and actions required to respond successfully to specific incident types and threats, and to meet regulatory frameworks including NIST, GDPR and ISO standards.
Complemented by our dual-mode action capabilities, fully and semi-automated actions give security administrators the ability to determine the appropriate amount of automation at every stage of the response process, with the final decision taken by a human analyst if required.
Gain complete visibility of your organization’s threat landscape, with all data recorded, correlated and accessible in a single solution for security teams to analyse and respond to alerts in real-time.
Data gathered from previous incidents provides analysts with an invaluable resource, transforming previous indicators and actions into actionable threat intelligence to inform future decisions and responses.
Analysts can investigate indicators of compromise (IoCs), add context and perform an efficient and effective response using a dynamic and actionable investigation interface. Executing ad-hoc automation actions directly from IncMan SOAR’s Observables Investigator enables faster response, and its Correlation Engine makes it easy to visualize relationships between incidents.
Collaboratively manage complex incidents across a range of stakeholders through IncMan SOAR’s variety of incident management features. Orchestrate technology, people and processes by managing tasks, tracking indicators and intelligence, conducting notifications, interacting with third-party tools and maintaining a complete audit log of incident activity throughout every incident.
IncMan SOAR’s complete customizability makes it the ideal solution for managing a wide variety of incidents, including any type of cyber incident, as well as non-cyber use cases such as financial fraud and physical security incidents. Create incidents manually, or automatically through any one of the growing number of data ingestion sources to begin response and mitigation before an analyst even puts hands on it.
Automate and orchestrate actions in third-party solutions across a wide variety of security and IT product spaces with over 45 certified bidirectional connectors and over 100 built-in automation actions.
Extend existing integrations or build completely new integrations with DFLabs’ Open Integration Framework, which allows users the flexibility to define integrations using an open, easy to implement, text based framework.
DFLabs’ user defined and hybrid integrations function seamlessly to automate and orchestrate actions across any combination of solutions. Ingest events from any source using IncMan SOAR’s customizable email and syslog parsers, as well as the robust REST API. Accelerate time to value without the need for expensive professional services.
Documenting evidence and tracking chain of custody is an important process during an investigation of any size. IncMan SOAR allows investigators to track evidence from servers and workstations, to forensic images and logical evidence with ease. Support for eDiscovery practices makes documenting complex eDiscovery cases an integrated part of the process.
The ability to track chain of custody of all evidence within the solution ensures the integrity and admissibility of the evidence. IncMan SOAR’s integration with the most popular forensic solutions enables all pertinent information to be stored and documented in a single location and immediately shared with all relevant stakeholders.
Measure, benchmark and optimize security operations and incident response activities and performance. IncMan SOAR’s customizable dashboards and widgets display a range of KPIs and metrics utilizing its integrated reporting engines and templates.
Over 140 readily available KPI reports covering operational performance, incidents, threats and regulatory compliance allow organizations to immediately begin measuring every aspect of the security program.
Comprehensive incident metrics measure every phase of the incident response process for optimization, benchmarking and SLA calculation, while threat and incident data can be visualized and analyzed to enable threat hunting and advanced data analysis at all stakeholder levels.
Our patent-pending Automated Responder Knowledge (ARK) engine applies machine learning by comparing actions from previous incidents with hundreds of incident attributes to recommend relevant playbooks and actions for effectively and efficiently managing and mitigating future incidents. Knowledge gained by ARK through previous responses is automatically transferred to analysts and responders, ensuring a consistent and repeatable response.
IncMan SOAR's Knowledge Base module can be maintained internally, managed and updated by DFLabs’ dedicated research team, or a combination of both, to provide teams with the actionable knowledge required to conduct a consistent response across a wide variety of events, as well as to demonstrate compliance with state, federal and international breach regulations. The subscription to DFLabs’ Knowledge Base repository includes references to threat catalogs, frameworks, standards, regulations and more.
The extensive knowledge codified through these features remains with the organization, regardless of employee turnover, allowing new or junior analysts to become effective members of the team as quickly as possible.
Our Community Portal serves as a hub for customers and partners, where they can access the latest information and first-hand support, as well as share knowledge and integrations. Key features and highlights of the Portal include:
The IncMan SOAR Community Edition (IncMan CE) is a free version of our award-winning SOAR platform that allows organizations to test and experience the benefits of automated incident response.
IncMan CE is a nearly full-featured version of IncMan SOAR that provides integration with third-party security tools and access to DFLabs’ patent-pending R3 Rapid Response Runbooks for unattended automation of repetitive security alert processing and assessment tasks. IncMan CE is available to qualified users, including educational institutes, research groups and organizations interested in evaluating IncMan SOAR for purchase, who can access and test many of the features and capabilities of the full IncMan SOAR solution in pre-production environments.
Improve efficiencies by enabling your security analysts to access and manage all tools, technologies and processes from one intuitive platform.
IncMan SOAR supports hundreds of third-party security technologies via QIC, API, CEF, Syslog and Email, with a constantly growing list of certified bidirectional integrations and an Open Integration Framework for custom integrations.