IncMan for CSIRT

IncMan for CSIRT – Incident Response Management Platform

DFLabs IncMan for CSIRT is a case management platform designed for managing, storing and reporting on information gathered during digital investigative operations with segregation of duties, incident categorization, and a knowledge base module for defining policies and procedure. It includes advanced reporting and integration with common forensic tools to support investigators in performing incident, evidence and records management.

IncMan is an incident response management platform for preparing notes, managing forensic images with automatic upload of acquisition data, snapshots and bookmarks as well as generating chain of custody reports. IncMan imports data from all of the common endpoint and forensic tools, such as FTK, EnCase, Xways, Tableau and ICS Solo.

IncMan for CSIRT

It is possible to ingest feeds from various 3rd party technologies such as SIEM events, Endpoint Forensics, Email from ticketing systems and data from malware analyzers, and from all devices that can send syslog messages. Alerts are collected and escalated to be converted into incidents.

There is also an option of using web forms that can be made available via web portal or intranet to enable users to report incidents to the Security Operation Centre or Computer Security IR Team to initiate investigations. Once an incident is created in IncMan, an automated response to update and prioritize different tasks can be activated and assigned to the appropriate team.

IncMan for CSIRT Benefits at a glance

The table below highlights some of the benefits that IncMan offers to CSIRT’s:

Core CSIRT Benefits IncMan’s Solution
Security assessment and cost analysis Assess costs, financial impact and time spent associated with an incident, including the technical and non-technical repercussion.
Incident response case management with data segregation and role-based access Deploy as a Multi-tenant solution with granular role-based access. Business Units can have their own dedicated virtual CSIRT.
Artifact handling Forensic evidence and artifacts can be stored in a centralized repository.
Metrics, advanced reporting and Correlation engine Generate key metrics and customized KPI reports for supervisors and managers including a correlation engine that correlates all relevant IOCs and artifacts between incidents.
Forensic evidence collection Integration with Forensic duplicators, eDiscovery management, evidence management in a dedicated Forensic laboratory and an extensive inventory of all Forensics capabilities.
Evidence tracking and standardized labels Chain of custody reporting for easy tracking of evidence including barcode labeling as well as CSIRTs standardized incident/host/evidence/clone labels.
Knowledgebase Module  IncMan includes a Knowledge base Module to document playbooks, threat assessment, situational awareness and to transfer best practices from experienced to novice analysts and share knowledge across the CSIRT team.
Fully customizable and dynamic user interface Customizable dashboards and widgets to view and track the status of incidents and the performance of the CSIRT.

Speak to one of our representatives to find out more.

Integration partners

IncMan integrates with leading digital forensics and  cyber security technologies for automated evidence gathering and context enrichment


Want to see IncMan in action?

DFLabs is the pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap caused by limited resources and the increasing volume of threats and incidents