IncMan SOAR Overview

DFLabs' Security Orchestration, Automation and Response Platform.

DFLabs IncMan SOAR is a Security Orchestration, Automation & Response (SOAR) platform built for full incident lifecycle automation, which includes built-in, automated threat intelligence gathering, risk assessment, triage and notification, context enrichment, hunting and investigation, threat containment and more.

This feature rich, unique and scalable SOAR platform provides context to security incidents, automates actions, orchestrates response to activities, while enabling full reporting and measurement functionality across all stakeholders.

Detect, respond to and remediate all security incidents fast, before they impact your organization.

Key Features & Capabilities.

The DFLabs Difference


  • Automation & Orchestration
  • Hunting & Investigation
  • Incident Management
  • Flexible Integrations & Event Parsing
  • Forensic Evidence Management
  • Reporting & KPIs
  • Knowledge Transfer & Machine Learning

Dual-Mode R3 Rapid Response Runbooks & Playbooks

Reduce the time from incident discovery to containment from hours to seconds with DFLabs R3 Rapid Response Runbooks. Fully automate the triage, investigation and containment of threats using stateful, conditional decision logic and 100+ out-of-the-box automation actions.

Used together with customizable Playbooks, these give organizations linear checklists of the steps and actions required to respond to specific incident types and threats and to meet regulatory frameworks including NIST, GDPR and ISO standards.

Dual-mode actions complement this: fully automated and semi-automated actions let security administrators decide how much automation to apply at each stage of the response process, with the final decision left to a human analyst where required.

Observables Hunter & Correlation Engine with Threat Intelligence Capabilities

Gain complete visibility of your organization’s threat landscape, with all data recorded, correlated and accessible in a single solution for security teams to analyse and respond to alerts in real-time.

Data gathered from previous incidents provides analysts with an invaluable resource, transforming previous indicators and actions into actionable threat intelligence to inform future decisions and responses.

Analysts can investigate indicators of compromise (IoCs), add context and respond efficiently and effectively using a dynamic, actionable investigation interface. Executing ad-hoc automation actions directly from IncMan SOAR’s Observables Investigator speeds up response, and its Correlation Engine makes relationships between incidents easy to visualize.

Holistic Incident Management for the Entire Response Lifecycle

Collaboratively manage complex incidents across a range of stakeholders through IncMan SOAR’s variety of incident management features. Orchestrate technology, people and processes by managing tasks, tracking indicators and intelligence, conducting notifications, interacting with third-party tools and maintaining a complete audit log of incident activity throughout every incident.

IncMan SOAR’s customizability makes it suitable for managing a wide variety of incidents, including any type of cyber incident as well as non-cyber use cases such as financial fraud and physical security incidents. Create incidents manually, or automatically from any of the growing number of data ingestion sources, so that response and mitigation begin before an analyst even opens the case.

Over 100 Customizable Automation Actions & a Flexible Framework

Automate and orchestrate actions in third-party solutions across a wide variety of security and IT product spaces with over 45 certified bidirectional connectors and over 100 built-in automation actions.

Extend existing integrations or build completely new integrations with DFLabs’ Open Integration Framework, which allows users the flexibility to define integrations using an open, easy to implement, text based framework.

DFLabs’ user defined and hybrid integrations function seamlessly to automate and orchestrate actions across any combination of solutions. Ingest events from any source using IncMan SOAR’s customizable email and syslog parsers, as well as the robust REST API. Accelerate time to value without the need for expensive professional services.

Full Chain of Custody Handling & Forensic Duplicator Integrations

Documenting evidence and tracking chain of custody is an important part of an investigation of any size. IncMan SOAR lets investigators track evidence from servers and workstations to forensic images and logical evidence with ease. Support for eDiscovery practices makes documenting complex eDiscovery cases an integrated part of the process.

Tracking chain of custody for all evidence within the solution helps preserve the integrity and admissibility of that evidence. IncMan SOAR’s integration with the most popular forensic solutions lets all pertinent information be stored and documented in a single location and shared immediately with all relevant stakeholders.

Role-based KPI Dashboards & Comprehensive Reporting Library

Measure, benchmark and optimize security operations and incident response activities and performance. IncMan SOAR’s customizable dashboards and widgets display a range of KPIs and metrics utilizing its integrated reporting engines and templates.

Over 140 KPI reports readily available for operational performance, incidents, threats and regulatory compliance allow organizations to immediately begin measuring every aspect of the security program.

Comprehensive incident metrics measure every phase of the incident response process for optimization, benchmarking and SLA calculation, while threat and incident data can be visualized and analyzed to enable threat hunting and advanced data analysis at all stakeholder levels.

Automated Responder Knowledge (ARK) & the Knowledge Base Module

Our patent-pending Automated Responder Knowledge (ARK) engine applies machine learning, comparing actions taken in previous incidents against hundreds of incident attributes to recommend relevant playbooks and actions for managing and mitigating future incidents effectively and efficiently. Knowledge gained by ARK from previous responses is transferred automatically to analysts and responders, ensuring a consistent and repeatable response.

IncMan SOAR's Knowledge Base module can be maintained internally, managed and updated by DFLabs dedicated research team, or a combination of both, to provide teams with the actionable knowledge required to conduct a consistent response across a wide variety of events as well as demonstrate compliance with state, federal and international breach regulations. The subscription to DFLabs’ Knowledge Base repository includes references to threat catalogs, frameworks, standards, regulations and more.

The extensive knowledge codified through these features remains with the organization, regardless of employee turnover, allowing new or junior analysts to become effective members of the team as quickly as possible.

Platform at a Glance.

Screenshots shown on the page:

  • Dashboard showing Incident Statistics
  • Incident Playbook for General Malware
  • Incident Rapid Response Runbook for SQL Injection
  • Summary of Incident Details

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Seamlessly Integrate and Orchestrate Your Tools Together as One.

Improve efficiencies by enabling your security analysts to access and manage all tools, technologies and processes from one intuitive platform.

IncMan SOAR supports hundreds of third-party security technologies via QIC, API, CEF, Syslog and Email, with a constantly growing list of certified bidirectional integrations and an Open Integration Framework for custom integrations.


Request Your Live IncMan SOAR Demo.

DFLabs IncMan SOAR is the pioneering Security Orchestration, Automation and Response (SOAR) platform to automate, orchestrate and measure security operations tasks.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution by up to 80%.

What You'll See in a Demo

See for yourself why IncMan SOAR is the preferred solution of Fortune 500, Global 2000 and MSSP clients. DFLabs IncMan SOAR at a glance:

  • Full and semi-automated Incident Response, improving response times by up to 80%
  • Covers the entire spectrum of IR and SecOps
  • Automated Responder Knowledge (ARK) generated by machine learning
  • Highly flexible and customizable, with over 100 templates and automation actions out of the box
  • Correlation engine correlates all relevant IOCs and artefacts between incidents
  • Multi-tenancy and granular role-based access
  • Dual mode playbooks and intelligence sharing
  • Powerful case management with integrated forensics capabilities.
