IncMan SOAR v4.5 – With New Open Integration Framework for Enhanced Customization

DFLabs is thrilled to announce the release of the latest version of its award-winning and industry-leading Security Orchestration, Automation and Response (SOAR) solution, IncMan SOAR version 4.5.

IncMan SOAR version 4.5 includes some of our most exciting enhancements to date. Many of the most significant new features in this latest release are centered around DFLabs’ commitment to delivering a more open, extensible and community-oriented solution to some of the most challenging problems facing SOCs, CSIRTs and MSSPs today. Stay tuned to our website in the coming months, as we will soon be announcing several other new features and programs centered around creating a more open, community solution!

As part of this latest release, DFLabs has added many new integrations across a wide variety of product spaces including ITSM, vulnerability management and threat intelligence. This includes integrations with AlienVault OTX, RSA NetWitness, ServiceNow and Tenable. We have also enhanced several of our existing integrations, including those with IBM QRadar, Splunk and TAXII.

You have asked, and we have listened; version 4.5 will include a significantly expanded REST API, allowing users to extend the functionality of IncMan SOAR and integrate it into other processes in new and exciting ways. Over the next several releases, DFLabs will continue to add new functionality to its API, allowing even greater extensibility for our customers and integration partners.

We have also expanded the functionality of our one-of-a-kind START Triage Module in version 4.5. START Triage can now accept inputs from any of our supported data ingestion methods, including syslog, email and the API. With this increased support, IncMan SOAR users now have highly granular control over which events are forwarded to the START Triage module for enrichment and validation and which events are converted directly into incidents.

Without a doubt, our most exciting and innovative feature in this latest release is IncMan SOAR’s new Open Integration Framework. The DFLabs Open Integration Framework will fundamentally change the way integrations can be used and extended within the platform. Closed, proprietary integrations are out and open, text-based integrations are in. The DFLabs Open Integration Framework allows integration code to be defined in any of our supported scripting languages (Bash, Perl, PowerShell, and Python), along with all the other components that make an integration tick within a SOAR solution.

From version 4.5 onward, DFLabs will be developing all integrations in this new Open Integration Framework, giving customers full visibility into the integrations, as well as the ability to extend these integrations. Of course, this Open Integration Framework will also allow customers to develop their own integrations from the ground up as well.

One of the key differentiators in DFLabs’ approach to providing an open framework for integration development is the action-level approach taken in this framework. The DFLabs Open Integration Framework defines all integrations at the action level, not as one monolithic file. This action-level definition makes the DFLabs Open Integration Framework much more accessible to users with more limited coding experience. It also allows users to easily add actions to existing integrations without the need to modify existing code and enables portability and sharing at the action level. Each integration executes in its own unique Docker container, easily configured from within the integration file, which provides additional security and eliminates the risk of conflicting libraries.

For more information on DFLabs Open Integration Framework and other features of IncMan SOAR version 4.5, register for our upcoming webinar on Nov 27th at 3pm GMT and check out our new short overview video.

Make sure to stay tuned in as DFLabs will be releasing some other exciting news focused on increased community involvement soon!