As we continue to develop our Security Orchestration, Automation and Response platform, IncMan SOAR, one of our main goals is to provide a streamlined integration with the most popular third-party security tools and technologies.
DFLabs aims to leverage their capabilities and create the most comprehensive and efficient security operations solution possible.
Currently, IncMan SOAR supports hundreds of third-party security technologies via QIC, API, CEF, Syslog, and Email, with a constantly growing list of certified bidirectional integrations and provides an Open Integration Framework for custom integrations.
Gather IP Reputation Information with DFLabs Integration with AbuseIPDB.
Forensic acquisition and verification information from FTK.
Open threat sharing and intelligence platform.
AlienVault USM Anywhere
Search events, alarms, and update labels in AlienVault USM Anywhere.
Gather detonation data for files and URL using ANY.RUN.
Interact with AWS CloudTrail through Trails and Events.
Interact with AWS CloudWatch through Groups, Streams, Metric Filters, and Retention Policies.
Using the integration with EC2, you can enrich incidents with specific EC2 data, create and delete snapshots, work with elastic addresses and instances, and manipulate security groups.
Interact with AWS GuardDuty during incident investigation.
Using the integration with IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
AWS Route 53
Interact with DNS records through AWS Route53.
Interact with AWS S3 buckets, objects, and policies.
AWS Security Hub
Comprehensive view of your high-priority security alerts and compliance status across AWS accounts.
Utilize AWS SQS queues during incident investigations.
Scripting for custom solutions and integrations.
Basis Technology Cyber Triage
Perform agentless triage of endpoints to gather incident artifacts and IOCs.
Enrich incident evidence with threat intelligence data from Blueliv.
Comprehensive IT service management.
CA Service Desk
IT service desk management solution.
Carbon Black Defense
Next generation antivirus, streaming defense with AV machine learning capabilities.
Carbon Black Protection
Application control and critical infrastructure protection for the endpoint.
Carbon Black Response
Advanced endpoint detection and response.
Carbon Black Threat Hunter
Interact with watchlists, files, and processes using Carbon Black Threat Hunter.
Search Censys for enrichment data during active investigation.
Unified Security Management for network and cloud environments.
Utilize Cherwell ticketing during incident investigations.
CIRCL CVE Search
Query CIRCL's CVE database for vulnerability information.
Advanced endpoint detection and response solution.
Protect corporate networks and data centers of all sizes with Cisco's Adaptive Security Appliance.
Cisco Email Security
Email security and management solution, formerly known as IronPort.
Cisco Email Security (ESA)
Block email related IOCs with IncMan's integration with Cisco Email Security.
Complete and unified management of network devices, intrusion detection and malware prevention.
Utilize packet data and search into Cisco Firepower events.
Cisco IOS XE
Utilize and manipulate ACLs and Interfaces with Cisco IOS XE.
Utilize Cisco ISE session, policy, and security group information during an investigation.
The leader in cloud controlled WiFi, routing, and security.
Query threat intelligence generated by the Cisco Talos group.
Cisco Threat Grid
Advanced sandboxing and threat intelligence to detect malware.
Cisco Threat Response
Gather Cisco Threat Response threat intelligence data to enrich incident artifacts.
Cloud-based security Internet gateway.
Cisco Umbrella Investigate
Advanced intelligence and reputation data for domains, IP addresses and ASNs.
Formerly PhishMe. Comprehensive phishing intelligence to detect and block phishing attacks.
Create, update, search, and gather ticket information from ConnectWise.
Utilize Corelight during incident investigation.
Advanced endpoint detection and response.
Open source automated malware analysis platform.
CyberArk Application Access Managment (AAM)
Utilize CyberArk Application Access Management during Incident Investigations.
End-to-end solution for endpoint protection, detection, investigation and response.
AI driven technology prevents attacks before they can damage your devices, network, or reputation.
Perform threat intelligence evidence gathering with DarkOwl.
Minimize digital risk by identifying unwanted exposure and protecting against external threats.
WHOIS information for domains and IP addresses.
DomainTools Iris Investigate for advanced reputation services.
Reliably and securely take data from any source, in any format, and search, analyze, and visualize it.
SMTP and IMAP for sending and receiving email.
Manipulate F5 AS3 configurations during an active investigation.
Fidelis Elevate Network
Network traffic analysis, data loss prevention (DLP), threat detection and response across networks.
Inspect malicious files using FireEye AX.
FireEye Central Management (CM)
Centralize device and intelligence management to correlate data across attack vectors.
FireEye Email Security (EX)
Cloud-based secure email gateway.
Query FireEye Helix to gather enrichment data during an incident investigation.
Advanced endpoint detection and response.
FireEye Network Security (NX)
Effective protection against cyber breaches for midsize to large organizations.
FireEye Threat Intelligence
Rich context to mitigate threats.
Security-driven analytics and log management.
High threat protection performance with automated visibility to stop attacks.
Stop advanced email threats and prevent data loss.
Unified event correlation and risk management for modern networks.
Comprehensive web application security.
Interact with FreshDesk contacts and tickets.
Free email service from Google.
Online resource for information gathering and scanning.
Denote files with Hatching Triage Malware Sandbox.
HP Universal CMDB
Gather host configuration data with HP Universal CMDB.
Online sandbox for file and URL analysis.
Suite of database-server products from IBM.
Security Information and Event Management from IBM.
IBM X-Force Exchange
Trusted threat intelligence and reputation sharing solution.
Gather statistical information from Incapsula for incident investigation.
Retrieve and modify IP groups for incident investigation and remediation.
Javelin AD Protect
Gather detailed information from Javelin AD Protect alerts.
Issue and project tracking solution for IT and development.
Execute suspicious files and URLs for analysis during incident investigation using Joe Sandbox.
Kaspersky Threat Intelligence Portal
Global intelligence delivering in-depth visibility into threats targeting your business.
Utilize findings from KnowBe4 security awareness training events during an incident investigation.
Safely execute malware samples in advanced malware inspection and isolation environment.
Open protocol for maintaining a distributed directory information service.
Next generation Security Information and Event Management solution.
Decentralized network for surveillance-resistant and censorship-resistant applications.
Enrich malware evidence with Malware Bazaar.
Graphical geolocation information for IP addresses.
Advanced threat detection and investigation solution.
Flexible, scalable centralized security management software.
Work with McAfee ESM Events, Alarms and Watchlists.
Comprehensive threat intelligence platform utilizing OpenDXL.
McAfee Web Gateway
High performance on-premise web gateway and security appliance.
Micro Focus ArcSight ESM
Security Information and Event Management from Micro Focus.
Micro Focus ArcSight Logger
Universal log management solution that unifies searching and reporting.
Microsoft Active Directory
Query and contain users and computers through Microsoft Active Directory.
Microsoft Azure Security Center
Manage security alerts, tasks and policies within the Microsoft Azure environment.
Microsoft Azure Sentinel
Utilize Sentinel incidents and alerts during active incident investigations.
Microsoft Exchange (EWS)
Web services for the Microsoft Exchange messaging solution.
Microsoft Graph Security
Correlate alerts, get context for investigation, and automate security operations.
Utilize and manipulate files for incident investigation using OneDrive.
PowerShell scripting for custom solutions and integrations.
Utilize Microsoft Sharepoint lists, files, and folders during incident investigations.
Microsoft SQL Server
Relational database management system from Microsoft.
MISP Threat Sharing
Open source threat intelligence and indicator sharing platform.
Utilize MXToolbox to gather MX records for enrichment data during incident investigation.
Open source relational database management system from MySQL.
Gather detail-rich data from Netscout Arbor alerts.
Gain visibility across OT and IoT environments with Nozomi Networks.
Interact with Okta users, groups, and system logging information.
Open framework for sharing threat intelligence and indicators.
Computer forensics and digital investigations suite.
OpenText EnCase Endpoint Security
Collect evidence, create events and investigations, and issue containment actions with EnCase Endpoint Security.
Automatically notify and update all incident response team members during an incident.
Palo Alto Auto Focus
Utilize Palo Alto Auto Focus threat intelligence feeds during incident investigation.
Palo Alto NGFW
Manage Palo Alto next generation firewalls using PAN-OS.
Palo Alto Panorama
Centralized network security management platform.
Palo Alto Wildfire
Cloud-based threat analysis and intelligence service.
Simplify the event investigation process by providing a consolidated platform of data necessary to accurately understand, triage, and address security events.
Perl scripting for custom solutions and integrations.
A collaborative clearing house for data and information about phishing on the Internet.
Open source relational database management system from PostgreSQL.
Secure remote access points during an incident investigation with DFLabs and Pulse Secure.
Python scripting for custom solutions and integrations.
Launch and manage scans and utilize Qualys scan data to enrich incident artifact.
Rapid 7 Insight IDR
Interact with Insight IDR investigations during an active incident investigation.
Utilize and interact with Rapid7 Nexpose scan data during incident investigation.
Universal threat intelligence solution providing relevant insights in real time.
RSA NetWitness Platform
Advanced network logging, threat detection and response.
Capture screenshots of websites as they currently exist.
Create, update, and delete portfolios as well as gather enrichment data on all current portfolios.
A modern SIEM platform with next-generation capabilities.
Suite of ITSM modules supporting many aspects of IT and security.
The World's first search engine for Internet-connected devices.
Create chats and send messages with IncMan's integration with Skype.
Perform a wide variety of Enrichment, Notification, and Containment actions for incident investigation and response with SolarWinds Orion.
Utilize Sophos Central enrichment data during incident investigations.
Security Information and Event Management from Splunk.
Stellar Cyber Starlight
Query Starlight events during active incident investigations with IncMan's integration with Stellar Cyber Starlight.
Industry standard frameworks for describing and sharing various threat information.
Interact with Sumo Logic jobs during an active incident investigation.
Gather threat intelligence data from Symantec DeepSight for incident investigation.
Symantec Endpoint Protection
Work with Symantec Endpoint Protection groups and events, and issue containment actions during an active incident.
Symantec Endpoint Protection Cloud
Cloud-hosted enterprise endpoint protection.
Symantec Secure Web Gateway
Comprehensive Web Application Security.
Incorporate Symantec SWS tickets and incidents during incident investigation.
Site review request service by Symantec.
Messaging protocol for sharing log data and other information.
Forensic acquisition and verification information from Tableau Forensic Imagers.
Industry standard framework for describing and sharing various threat information.
Cloud-based vulnerability management platform.
Industry leading vulnerability scanning and management platform
Open source incident and observable tracking platform.
Search malicious indicators using Threat Crowd intelligence feeds.
To find threats and evaluate risk.
Search DNS records for enrichment data with DFLabs integration with ThreatMiner.
Trend Micro Deep Security
Utilize Trend Micro Deep Security to interact with IP lists, firewall and intrusion rules, and gather enrichment data during incident investigations.
Orchestrate network policies and compliance through a centralized platform.
Cloud communications platform as a service to send SMS messages.
Threat intelligence provider operated by abuse.ch.
Scan and analyze websites.
Analyze suspicious files and URLs online using industry leading detection technologies.
Utilize and manipulate virtual machines during an incident investigation with VMWare vSphere.
Domain name lookup service to search the Whois database for domain name registration information.
Forensic acquisition and verification information from X-Ways.
Monitor and respond to incidents involving Zoom video conferencing.