Integration Partners

Seamlessly Integrate and Orchestrate Your Security Tools.

As we continue to develop our Security Orchestration, Automation and Response platform, IncMan SOAR, one of our main goals is to provide a streamlined integration with the most popular third-party security tools and technologies.

DFLabs aims to leverage their capabilities and create the most comprehensive and efficient security operations solution possible.

Currently, IncMan SOAR supports hundreds of third-party security technologies via QIC, API, CEF, Syslog, and Email, with a constantly growing list of certified bidirectional integrations, and it provides an Open Integration Framework for custom integrations.


Gather IP Reputation Information with DFLabs Integration with AbuseIPDB.

AccessData FTK

Forensic acquisition and verification information from FTK.

AlienVault OTX

Open threat sharing and intelligence platform.

AlienVault USM Anywhere

Search events, alarms, and update labels in AlienVault USM Anywhere.


Gather detonation data for files and URLs using ANY.RUN.

AWS CloudTrail

Interact with AWS CloudTrail through Trails and Events.

AWS CloudWatch

Interact with AWS CloudWatch through Groups, Streams, Metric Filters, and Retention Policies.


Using the integration with EC2, you can enrich incidents with specific EC2 data, create and delete snapshots, work with elastic addresses and instances, and manipulate security groups.

AWS GuardDuty

Interact with AWS GuardDuty during incident investigation.


Using the integration with IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

AWS Route 53

Interact with DNS records through AWS Route53.


Interact with AWS S3 buckets, objects, and policies.

AWS Security Hub

Comprehensive view of your high-priority security alerts and compliance status across AWS accounts.


Utilize AWS SQS queues during incident investigations.


Scripting for custom solutions and integrations.

Basis Technology Cyber Triage

Perform agentless triage of endpoints to gather incident artifacts and IOCs.


Enrich incident evidence with threat intelligence data from Blueliv.

BMC Remedy

Comprehensive IT service management.


CA Service Desk

IT service desk management solution.

Carbon Black Defense

Next generation antivirus, streaming defense with AV machine learning capabilities.


Carbon Black Protection

Application control and critical infrastructure protection for the endpoint.


Carbon Black Response

Advanced endpoint detection and response.

Carbon Black Threat Hunter

Interact with watchlists, files, and processes using Carbon Black Threat Hunter.


Search Censys for enrichment data during active investigation.


Unified Security Management for network and cloud environments.



Utilize Cherwell ticketing during incident investigations.


Query CIRCL's CVE database for vulnerability information.

Cisco AMP

Advanced endpoint detection and response solution.

Cisco ASA

Protect corporate networks and data centers of all sizes with Cisco's Adaptive Security Appliance.

Cisco Email Security

Email security and management solution, formerly known as IronPort.

Cisco Email Security (ESA)

Block email related IOCs with IncMan's integration with Cisco Email Security.

Cisco Firepower

Complete and unified management of network devices, intrusion detection and malware prevention.

Cisco Firepower

Utilize packet data and search into Cisco Firepower events.

Cisco IOS XE

Utilize and manipulate ACLs and Interfaces with Cisco IOS XE.

Cisco ISE

Utilize Cisco ISE session, policy, and security group information during an investigation.

Cisco Meraki

The leader in cloud controlled WiFi, routing, and security.

Cisco Talos

Query threat intelligence generated by the Cisco Talos group.

Cisco Threat Grid

Advanced sandboxing and threat intelligence to detect malware.


Cisco Threat Response

Gather Cisco Threat Response threat intelligence data to enrich incident artifacts.

Cisco Umbrella

Cloud-based security Internet gateway.


Cisco Umbrella Investigate

Advanced intelligence and reputation data for domains, IP addresses and ASNs.


Formerly PhishMe. Comprehensive phishing intelligence to detect and block phishing attacks.


ConnectWise Manage

Create, update, search, and gather ticket information from ConnectWise.


Utilize Corelight during incident investigation.

CrowdStrike Falcon

Advanced endpoint detection and response.

Cuckoo Sandbox

Open source automated malware analysis platform.


CyberArk Application Access Management (AAM)

Utilize CyberArk Application Access Management during Incident Investigations.


End-to-end solution for endpoint protection, detection, investigation and response.



AI driven technology prevents attacks before they can damage your devices, network, or reputation.


Perform threat intelligence evidence gathering with DarkOwl.

Digital Shadows

Minimize digital risk by identifying unwanted exposure and protecting against external threats.

Domain Dossier

WHOIS information for domains and IP addresses.


DomainTools Iris Investigate for advanced reputation services.


Elastic Stack

Reliably and securely take data from any source, in any format, and search, analyze, and visualize it.


SMTP and IMAP for sending and receiving email.

F5 AS3

Manipulate F5 AS3 configurations during an active investigation.

Fidelis Elevate Network

Network traffic analysis, data loss prevention (DLP), threat detection and response across networks.

FireEye AX

Inspect malicious files using FireEye AX.

FireEye Central Management (CM)

Centralize device and intelligence management to correlate data across attack vectors.

FireEye Email Security (EX)

Cloud-based secure email gateway.

FireEye Helix

Query FireEye Helix to gather enrichment data during an incident investigation.

FireEye HX

Advanced endpoint detection and response.

FireEye Network Security (NX)

Effective protection against cyber breaches for midsize to large organizations.

FireEye Threat Intelligence

Rich context to mitigate threats.


Security-driven analytics and log management.


High threat protection performance with automated visibility to stop attacks.


Stop advanced email threats and prevent data loss.


Unified event correlation and risk management for modern networks.


Comprehensive web application security.


Interact with FreshDesk contacts and tickets.


Free email service from Google.

Hacker Target

Online resource for information gathering and scanning.

Hatching Triage

Detonate files with Hatching Triage Malware Sandbox.

HP Universal CMDB

Gather host configuration data with HP Universal CMDB.

Hybrid Analysis

Online sandbox for file and URL analysis.


Suite of database-server products from IBM.

IBM QRadar

Security Information and Event Management from IBM.

IBM X-Force Exchange

Trusted threat intelligence and reputation sharing solution.

Imperva Incapsula

Gather statistical information from Incapsula for incident investigation.

Imperva SecureSphere

Retrieve and modify IP groups for incident investigation and remediation.

Javelin AD Protect

Gather detailed information from Javelin AD Protect alerts.



Issue and project tracking solution for IT and development.


Joe Sandbox

Execute suspicious files and URLs for analysis during incident investigation using Joe Sandbox.

Kaspersky Threat Intelligence Portal

Global intelligence delivering in-depth visibility into threats targeting your business.


Utilize findings from KnowBe4 security awareness training events during an incident investigation.

Lastline Analyst

Safely execute malware samples in advanced malware inspection and isolation environment.


Open protocol for maintaining a distributed directory information service.


Next generation Security Information and Event Management solution.



Decentralized network for surveillance-resistant and censorship-resistant applications.

Malware Bazaar

Enrich malware evidence with Malware Bazaar.


Graphical geolocation information for IP addresses.

McAfee ATD

Advanced threat detection and investigation solution.

McAfee ePO

Flexible, scalable centralized security management software.

McAfee ESM

Work with McAfee ESM Events, Alarms and Watchlists.

McAfee TIE

Comprehensive threat intelligence platform utilizing OpenDXL.

McAfee Web Gateway

High performance on-premise web gateway and security appliance.

Micro Focus ArcSight ESM

Security Information and Event Management from Micro Focus.


Micro Focus ArcSight Logger

Universal log management solution that unifies searching and reporting.


Microsoft Active Directory

Query and contain users and computers through Microsoft Active Directory.

Microsoft Azure Security Center

Manage security alerts, tasks and policies within the Microsoft Azure environment.

Microsoft Azure Sentinel

Utilize Sentinel incidents and alerts during active incident investigations.

Microsoft Exchange (EWS)

Web services for the Microsoft Exchange messaging solution.

Microsoft Graph Security

Correlate alerts, get context for investigation, and automate security operations.

Microsoft OneDrive

Utilize and manipulate files for incident investigation using OneDrive.

Microsoft PowerShell

PowerShell scripting for custom solutions and integrations.

Microsoft Sharepoint

Utilize Microsoft Sharepoint lists, files, and folders during incident investigations.

Microsoft SQL Server

Relational database management system from Microsoft.

MISP Threat Sharing

Open source threat intelligence and indicator sharing platform.


Utilize MXToolbox to gather MX records for enrichment data during incident investigation.


Open source relational database management system from MySQL.

Netscout Arbor

Gather detail-rich data from Netscout Arbor alerts.

Nozomi Networks

Gain visibility across OT and IoT environments with Nozomi Networks.


Interact with Okta users, groups, and system logging information.


Open framework for sharing threat intelligence and indicators.

OpenText EnCase

Computer forensics and digital investigations suite.

OpenText EnCase Endpoint Security

Collect evidence, create events and investigations, and issue containment actions with EnCase Endpoint Security.


Automatically notify and update all incident response team members during an incident.


Palo Alto Auto Focus

Utilize Palo Alto Auto Focus threat intelligence feeds during incident investigation.

Palo Alto NGFW

Manage Palo Alto next generation firewalls using PAN-OS.

Palo Alto Panorama

Centralized network security management platform.

Palo Alto Wildfire

Cloud-based threat analysis and intelligence service.


Simplify the event investigation process by providing a consolidated platform of data necessary to accurately understand, triage, and address security events.


Perl scripting for custom solutions and integrations.


A collaborative clearing house for data and information about phishing on the Internet.


Open source relational database management system from PostgreSQL.

Pulse Secure

Secure remote access points during an incident investigation with DFLabs and Pulse Secure.


Python scripting for custom solutions and integrations.


Launch and manage scans and utilize Qualys scan data to enrich incident artifacts.


Rapid 7 Insight IDR

Interact with Insight IDR investigations during an active incident investigation.

Rapid7 Nexpose

Utilize and interact with Rapid7 Nexpose scan data during incident investigation.

Recorded Future

Universal threat intelligence solution providing relevant insights in real time.


RSA NetWitness Platform

Advanced network logging, threat detection and response.


Screenshot Machine

Capture screenshots of websites as they currently exist.

Security Scorecard

Create, update, and delete portfolios as well as gather enrichment data on all current portfolios.


A modern SIEM platform with next-generation capabilities.


Suite of ITSM modules supporting many aspects of IT and security.


The world's first search engine for Internet-connected devices.


Create chats and send messages with IncMan's integration with Skype.

SolarWinds Orion

Perform a wide variety of Enrichment, Notification, and Containment actions for incident investigation and response with SolarWinds Orion.

Sophos Central

Utilize Sophos Central enrichment data during incident investigations.


Security Information and Event Management from Splunk.

Stellar Cyber Starlight

Query Starlight events during active incident investigations with IncMan's integration with Stellar Cyber Starlight.


Industry standard frameworks for describing and sharing various threat information.

Sumo Logic

Interact with Sumo Logic jobs during an active incident investigation.

Symantec DeepSight

Gather threat intelligence data from Symantec DeepSight for incident investigation.

Symantec Endpoint Protection

Work with Symantec Endpoint Protection groups and events, and issue containment actions during an active incident.

Symantec Endpoint Protection Cloud

Cloud-hosted enterprise endpoint protection.

Symantec Secure Web Gateway

Comprehensive Web Application Security.

Symantec SWS

Incorporate Symantec SWS tickets and incidents during incident investigation.

Symantec WebPulse

Site review request service by Symantec.


Messaging protocol for sharing log data and other information.


Forensic acquisition and verification information from Tableau Forensic Imagers.


Industry standard framework for describing and sharing various threat information.

Cloud-based vulnerability management platform.


Industry-leading vulnerability scanning and management platform.


Open source incident and observable tracking platform.

Threat Crowd

Search malicious indicators using Threat Crowd intelligence feeds.


To find threats and evaluate risk.


Search DNS records for enrichment data with DFLabs integration with ThreatMiner.

Trend Micro Deep Security

Utilize Trend Micro Deep Security to interact with IP lists, firewall and intrusion rules, and gather enrichment data during incident investigations.


Orchestrate network policies and compliance through a centralized platform.



Cloud communications platform as a service to send SMS messages.


Threat intelligence provider operated by

Scan and analyze websites.


Analyze suspicious files and URLs online using industry leading detection technologies.

VMWare vSphere

Utilize and manipulate virtual machines during an incident investigation with VMWare vSphere.


Domain name lookup service to search the Whois database for domain name registration information.


Forensic acquisition and verification information from X-Ways.


Monitor and respond to incidents involving Zoom video conferencing.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.
