
Integration Partners

Seamlessly Integrate and Orchestrate Your Security Tools.

As we continue to develop our Security Orchestration, Automation and Response platform, IncMan SOAR, one of our main goals is to provide a streamlined integration with the most popular third-party security tools and technologies.

DFLabs aims to leverage their capabilities and create the most comprehensive and efficient security operations solution possible.

Currently, IncMan SOAR supports hundreds of third-party security technologies via QIC, API, CEF, Syslog, and Email, with a constantly growing list of certified bidirectional integrations. It also provides an Open Integration Framework for custom integrations.

AccessData FTK

Forensic acquisition and verification information from FTK.

AlienVault OTX

Open threat sharing and intelligence platform.

AlienVault USM Anywhere

Search events, alarms, and update labels in AlienVault USM Anywhere.

AWS Security Hub

Comprehensive view of your high-priority security alerts and compliance status across AWS accounts.


Scripting for custom solutions and integrations.

Basis Technology Cyber Triage

Perform agentless triage of endpoints to gather incident artifacts and IOCs.

BMC Remedy

Comprehensive IT service management.


CA Service Desk

IT service desk management solution.

Carbon Black Defense

Next generation antivirus, streaming defense with AV machine learning capabilities.

Carbon Black Protection

Application control and critical infrastructure protection for the endpoint.

Carbon Black Response

Advanced endpoint detection and response.


Unified Security Management for network and cloud environments.



Query CIRCL's CVE database for vulnerability information.

Cisco AMP

Advanced endpoint detection and response solution.

Cisco ASA

Protect corporate networks and data centers of all sizes with Cisco's Adaptive Security Appliance.

Cisco Email Security

Email security and management solution, formerly known as IronPort.

Cisco Firepower

Complete and unified management of network devices, intrusion detection and malware prevention.

Cisco Firepower

Utilize packet data and search into Cisco Firepower events.

Cisco IOS XE

Utilize and manipulate ACLs and Interfaces with Cisco IOS XE.

Cisco ISE

Utilize Cisco ISE session, policy, and security group information during an investigation.

Cisco Meraki

The leader in cloud controlled WiFi, routing, and security.

Cisco Talos

Query threat intelligence generated by the Cisco Talos group.

Cisco Threat Grid

Advanced sandboxing and threat intelligence to detect malware.

Cisco Umbrella

Cloud-based security Internet gateway.

Cisco Umbrella Investigate

Advanced intelligence and reputation data for domains, IP addresses and ASNs.


Formerly PhishMe. Comprehensive phishing intelligence to detect and block phishing attacks.

ConnectWise Manage

Create, update, search, and gather ticket information from ConnectWise.


Utilize Corelight during incident investigation.

CrowdStrike Falcon

Advanced endpoint detection and response.

Cuckoo Sandbox

Open source automated malware analysis platform.



End-to-end solution for endpoint protection, detection, investigation and response.


AI driven technology prevents attacks before they can damage your devices, network, or reputation.


Perform threat intelligence evidence gathering with DarkOwl.

Digital Shadows

Minimize digital risk by identifying unwanted exposure and protecting against external threats.

Domain Dossier

WHOIS information for domains and IP addresses.


DomainTools Iris Investigate for advanced reputation services.

Elastic Stack

Reliably and securely take data from any source, in any format, and search, analyze, and visualize it.


SMTP and IMAP for sending and receiving email.

F5 AS3

Manipulate F5 AS3 configurations during an active investigation.

Fidelis Elevate Network

Network traffic analysis, data loss prevention (DLP), threat detection and response across networks.

FireEye Central Management (CM)

Centralize device and intelligence management to correlate data across attack vectors.

FireEye Email Security (EX)

Cloud-based secure email gateway.

FireEye HX

Advanced endpoint detection and response.

FireEye Network Security (NX)

Effective protection against cyber breaches for midsize to large organizations.

FireEye Threat Intelligence

Rich context to mitigate threats.


Security-driven analytics and log management.


High threat protection performance with automated visibility to stop attacks.


Stop advanced email threats and prevent data loss.


Unified event correlation and risk management for modern networks.


Comprehensive web application security.


Free email service from Google.

Hacker Target

Online resource for information gathering and scanning.

HP Universal CMDB

Gather host configuration data with HP Universal CMDB.

Hybrid Analysis

Online sandbox for file and URL analysis.


Suite of database-server products from IBM.

IBM QRadar

Security Information and Event Management from IBM.

IBM X-Force Exchange

Trusted threat intelligence and reputation sharing solution.

Imperva Incapsula

Gather statistical information from Incapsula for incident investigation.

Imperva SecureSphere

Retrieve and modify IP groups for incident investigation and remediation.

Javelin AD Protect

Gather detailed information from Javelin AD Protect alerts.



Issue and project tracking solution for IT and development.


Kaspersky TIP

Utilize Kaspersky threat intelligence feeds during incident investigation.


Utilize findings from KnowBe4 security awareness training events during an incident investigation.

Lastline Analyst

Safely execute malware samples in an advanced malware inspection and isolation environment.


Open protocol for maintaining a distributed directory information service.


Next generation Security Information and Event Management solution.



Decentralized network for surveillance-resistant and censorship-resistant applications.


Graphical geolocation information for IP addresses.

McAfee ATD

Advanced threat detection and investigation solution.

McAfee ePO

Flexible, scalable centralized security management software.

McAfee ESM

Work with McAfee ESM Events, Alarms and Watchlists.

McAfee TIE

Comprehensive threat intelligence platform utilizing OpenDXL.

McAfee Web Gateway

High performance on-premise web gateway and security appliance.

Micro Focus ArcSight ESM

Security Information and Event Management from Micro Focus.


Micro Focus ArcSight Logger

Universal log management solution that unifies searching and reporting.


Microsoft Active Directory

Query and contain users and computers through Microsoft Active Directory.

Microsoft Azure Security Center

Manage security alerts, tasks and policies within the Microsoft Azure environment.

Microsoft Exchange (EWS)

Web services for the Microsoft Exchange messaging solution.

Microsoft Graph Security

Correlate alerts, get context for investigation, and automate security operations.

Microsoft OneDrive

Utilize and manipulate files for incident investigation using OneDrive.

Microsoft PowerShell

PowerShell scripting for custom solutions and integrations.

Microsoft Sharepoint

Utilize Microsoft Sharepoint lists, files, and folders during incident investigations.

Microsoft SQL Server

Relational database management system from Microsoft.

MISP Threat Sharing

Open source threat intelligence and indicator sharing platform.


Open source relational database management system from MySQL.


Open framework for sharing threat intelligence and indicators.

OpenText EnCase

Computer forensics and digital investigations suite.


Automatically notify and update all incident response team members during an incident.


Palo Alto Auto Focus

Utilize Palo Alto Auto Focus threat intelligence feeds during incident investigation.

Palo Alto NGFW

Manage Palo Alto next generation firewalls using PAN-OS.

Palo Alto Panorama

Centralized network security management platform.

Palo Alto Wildfire

Cloud-based threat analysis and intelligence service.


Simplify the event investigation process by providing a consolidated platform of data necessary to accurately understand, triage, and address security events.


Perl scripting for custom solutions and integrations.


A collaborative clearing house for data and information about phishing on the Internet.


Open source relational database management system from PostgreSQL.


Python scripting for custom solutions and integrations.

Recorded Future

Universal threat intelligence solution providing relevant insights in real time.


RSA NetWitness Platform

Advanced network logging, threat detection and response.

Screenshot Machine

Capture screenshots of websites as they currently exist.


A modern SIEM platform with next-generation capabilities.


Suite of ITSM modules supporting many aspects of IT and security.


The world's first search engine for Internet-connected devices.

SolarWinds Orion

Perform a wide variety of Enrichment, Notification, and Containment actions for incident investigation and response with SolarWinds Orion.


Security Information and Event Management from Splunk.


Industry standard frameworks for describing and sharing various threat information.

Symantec DeepSight

Gather threat intelligence data from Symantec DeepSight for incident investigation.

Symantec Endpoint Protection Cloud

Cloud-hosted enterprise endpoint protection.

Symantec Secure Web Gateway

Comprehensive Web Application Security.

Symantec SWS

Incorporate Symantec SWS tickets and incidents during incident investigation.

Symantec WebPulse

Site review request service by Symantec.


Messaging protocol for sharing log data and other information.


Forensic acquisition and verification information from Tableau Forensic Imagers.


Industry standard framework for describing and sharing various threat information.

Tenable SecurityCenter

Industry leading vulnerability scanning and management platform.

Cloud-based vulnerability management platform.


Open source incident and observable tracking platform.

Threat Crowd

Search malicious indicators using Threat Crowd intelligence feeds.


To find threats and evaluate risk.


Orchestrate network policies and compliance through a centralized platform.



Cloud communications platform as a service to send SMS messages.


Threat intelligence provider operated by

Scan and analyze websites.


Analyze suspicious files and URLs online using industry leading detection technologies.

VMWare vSphere

Utilize and manipulate virtual machines during an incident investigation with VMWare vSphere.


Domain name lookup service to search the Whois database for domain name registration information.


Forensic acquisition and verification information from X-Ways.
