IncMan SOAR for SOCs

Security Orchestration, Automation and Response for Security Operations Centers.

With a growing volume of security alerts driven by the increasing velocity of cyber attacks, defending an organization today is a never-ending and complex process. Combined with other common security operations challenges, including a shortage of skilled staff, increased workloads, a lack of knowledge transfer and budget restrictions, detecting, responding to and containing every security incident is becoming an impossible task for security analysts to manage alone.

IncMan SOAR for SOCs is a purpose-built and intuitive platform designed to manage security operations, with the aim of improving SOC performance and the overall effectiveness and efficiency of the organization’s security program, and reducing the mean time to detection and response for security incidents.

Through effective automation, orchestration and measurement, and by leveraging existing security solutions, security operations and incident response can be standardized and documented to enable more streamlined workflows and to meet legal and regulatory compliance, with all security tools and technologies brought together in one single platform.

Minimize Incident Resolution Time

Work Smarter & Respond Faster

DFLabs’ library of customizable runbooks orchestrates and automates the response to cyber threats and incident scenarios such as malware, phishing attacks, data breaches and regulatory breach notification. IncMan SOAR’s patent-pending Automated Responder Knowledge (ARK) module applies machine learning to historical incident responses and recommends relevant paths of action to manage and mitigate new incidents.

Maximize Analyst Efficiency

Empower Security Analysts

With its ever-expanding features and capabilities, DFLabs’ IncMan SOAR platform acts as a force multiplier, enabling organizations to do more with less. The solution supports security analysts in assessing, investigating and hunting for threats, and in gathering, maintaining and transferring knowledge within the SOC, making it possible to manage more incidents in less time with fewer security analysts, and to do so in a repeatable, measurable and enforceable manner.

Increase Handled Incidents

Improve Operational Performance

IncMan SOAR for SOCs is also an enabler for other key organizational stakeholders, assisting SOC managers by providing detailed data and reports to better understand performance and response times and where improvements need to be made, as well as C-level executives by delivering key operational KPIs and critical business insights.

IncMan SOAR for SOCs at a Glance.

Here are some of the benefits that IncMan SOAR offers to Security Operations Centers:

Full incident lifecycle automation with dual mode orchestration

  • Including triage and notification, context enrichment, hunting and investigation and containment of incidents
  • Combine manual, semi-automated and automated actions based on the level of automation required
  • Automate the action without automating the decision, with the final decision taken manually by a human analyst

Augmenting security analysts using machine learning

  • DFLabs’ patent-pending Automated Responder Knowledge (ARK) module applies machine learning to historical responses to threats
  • Recommends relevant playbooks and paths of action to manage and mitigate them
  • Applies a supervised case-based reasoning machine learning algorithm
  • Learns from the experience and actions of your security team, becoming more effective over time

Aggregation and correlation of security and incident data

  • Support for hundreds of 3rd party security technologies via Syslog, CEF and Email parsing
  • 100+ certified bidirectional connectors are included for leading 3rd party security technologies such as Active Directory, Palo Alto, Cisco Threat Grid, CrowdStrike, and Carbon Black, with many more continuously being added
  • Database querying for MySQL, MSSQL, PostgreSQL, Microsoft Access and Oracle
  • Custom Script execution
  • Open Integration Framework for custom integrations
  • Bidirectional REST API

Customizable linear and conditional playbooks

  • Security analysts can create a library of dedicated, customizable and granular playbooks using a graphical editor for individual threat, incident, or asset types
  • IncMan SOAR comes with 100+ customizable playbooks and automation actions out of the box
  • Automatic correlation and re-application of playbooks across tenants in multi-user environments
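The two ideas above, dual-mode orchestration (automate the action, keep the decision with the analyst) and conditional playbooks, are easiest to see in code. The following is an added illustration written for this page, not DFLabs' or IncMan SOAR's own code or API: a small playbook runner in which each step carries an automation mode, a containment step is gated on a conditional branch and on an explicit analyst approval, and the incident, reputation table, step names and connector functions are all constructed placeholders.

```python
"""Minimal dual-mode playbook runner: automate the action, not the decision.

Added example (not IncMan SOAR code). All step names, the reputation lookup
and the sample alert are constructed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional


class Mode(Enum):
    AUTOMATED = "automated"            # action runs with no analyst input
    SEMI_AUTOMATED = "semi-automated"  # action is prepared, analyst must approve it
    MANUAL = "manual"                  # analyst performs it; the runner only records the task


@dataclass
class Step:
    name: str
    mode: Mode
    action: Callable[[dict], dict]                       # returns fields to merge into the incident
    condition: Optional[Callable[[dict], bool]] = None   # conditional branch guard, None = always run


@dataclass
class Playbook:
    name: str
    steps: List[Step]


@dataclass
class Run:
    incident: dict
    log: List[str] = field(default_factory=list)
    pending_approval: List[str] = field(default_factory=list)


def run_playbook(pb: Playbook, incident: dict, approvals: Optional[Dict[str, bool]] = None) -> Run:
    """Execute a playbook; `approvals` holds analyst decisions keyed by step name."""
    approvals = approvals or {}
    run = Run(incident=dict(incident))  # work on a copy so the source alert is untouched
    for step in pb.steps:
        if step.condition and not step.condition(run.incident):
            run.log.append(f"{step.name}: skipped (condition not met)")
            continue
        if step.mode is Mode.AUTOMATED:
            run.incident.update(step.action(run.incident))
            run.log.append(f"{step.name}: executed automatically")
        elif step.mode is Mode.SEMI_AUTOMATED:
            decision = approvals.get(step.name)
            if decision is True:
                run.incident.update(step.action(run.incident))
                run.log.append(f"{step.name}: executed after analyst approval")
            elif decision is False:
                run.log.append(f"{step.name}: rejected by analyst")
            else:  # no decision yet: the action is staged, never run on its own
                run.pending_approval.append(step.name)
                run.log.append(f"{step.name}: awaiting analyst decision")
        else:  # Mode.MANUAL
            run.log.append(f"{step.name}: assigned to analyst")
    return run


# Constructed lookup standing in for a threat-intelligence connector (hypothetical).
REPUTATION = {"http://example.invalid/login": "malicious"}


def enrich_url(inc: dict) -> dict:
    return {"reputation": REPUTATION.get(inc.get("url"), "unknown")}


def block_url(inc: dict) -> dict:
    # A real deployment would call a proxy/firewall connector here; we just record it.
    return {"blocked": [inc["url"]]}


def is_malicious(inc: dict) -> bool:
    return inc.get("reputation") == "malicious"


# Hypothetical phishing playbook: triage and enrichment are automated, containment
# is semi-automated and conditional, user notification stays a manual task.
PHISHING_PLAYBOOK = Playbook("phishing", [
    Step("triage", Mode.AUTOMATED,
         lambda inc: {"severity": "high" if inc.get("attachments") else "medium"}),
    Step("enrich_url", Mode.AUTOMATED, enrich_url),
    Step("block_url", Mode.SEMI_AUTOMATED, block_url, condition=is_malicious),
    Step("notify_user", Mode.MANUAL, lambda inc: {}, condition=is_malicious),
])

# Constructed sample alert.
SAMPLE_ALERT = {"type": "phishing", "url": "http://example.invalid/login", "attachments": 0}

if __name__ == "__main__":
    first = run_playbook(PHISHING_PLAYBOOK, SAMPLE_ALERT)
    print("\n".join(first.log), "\npending:", first.pending_approval)
    second = run_playbook(PHISHING_PLAYBOOK, SAMPLE_ALERT, approvals={"block_url": True})
    print("\n".join(second.log), "\nblocked:", second.incident.get("blocked"))
```

On the first run the blocking step is staged but not executed, so nothing is contained until an analyst records a decision; on the second run the same playbook completes the containment, and for an unknown URL the conditional guard skips both containment and notification entirely.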

Integrated Knowledge base module to disseminate, share and transfer knowledge from experienced to novice analysts and within the team

  • IncMan SOAR has an integrated Knowledge base Module to document playbooks, threat assessments, threat intelligence, situational awareness and best practices
  • Segregated and dedicated Knowledge bases can be maintained for individual business units or asset groups
  • Integrated Knowledge base library includes GDPR, ISO, NIST and other regulatory frameworks

Repeatable, enforceable, measurable & effective incident response workflows

  • Playbooks support full incident phase management to measure every individual phase of the IR workflow
  • Mandatory steps can be enforced, ensuring that incident response is conducted in a forensically sound, legally and policy-compliant manner

Customizable dashboards and widgets to gain immediate situational awareness of operations and threats

  • Support for a huge variety of key performance indicators and metrics
  • Visualize data with charts, graphs, tables, and meters

Generate operational performance reports with an integrated reporting engine

  • Generate reports for:
    • Operational performance
    • Incidents
    • Threats
    • Regulatory compliance
  • Over 140 customizable KPIs and report templates

Powerful case management

  • Integrated forensics capabilities
  • Forensics and incident response system analysis and evidence management
  • Collaborate with diverse stakeholders
  • Secure collaborative platform for communications, data sharing and reporting

Threat and incident data visualization and analysis

  • Analysis and visualization of IoCs and incident observables
  • Automated threat intelligence fusion
  • Support for STIX, TAXII, OpenIoC, MISP and many open source and commercial TI feeds

Simplicity of Deployment

IncMan SOAR is easy to deploy in multiple configurations suitable for bespoke SOCs.

  • High availability and load balancing
  • Multitenant architecture
  • Scalable incident response platform that can be integrated with NAS and SAN storage


Seamlessly Integrate and Orchestrate Your Tools Together as One.

Improve efficiencies by enabling your security analysts to access and manage all tools, technologies and processes from one intuitive platform.

IncMan SOAR supports hundreds of 3rd party security technologies via QIC, API, CEF, Syslog and Email, with a constantly growing list of certified bidirectional integrations and an Open Integration Framework for custom integrations.


Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.
