DFLabs open framework enables integration of SOAR and security tools

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.

DFLabs launched a new version of the IncMan SOAR platform that provides an open integration framework for customizing and adding new automated integrations between security tools and IncMan SOAR, without the need for complex coding. This capability enables security teams to add and orchestrate new functions between IncMan SOAR and third party products in order to address requirements and workflows.

Organizations can now extend the existing IncMan SOAR product integrations with new functions they require. For example, an enterprise using a vulnerability assessment tool may want to exclude a legacy application from being scanned due to concerns it may cause unexpected failures. A specific action, which would prevent custom scans of the application from being initiated through an IncMan Runbook, can be added in just minutes.

For flexibility, IncMan SOAR defines all integrations at the action level, not as one file. This allows users to add actions to existing integrations without the need to modify existing code and enables portability and sharing at the action level. To provide additional security and eliminate the risk of conflicting libraries, execution of each integration occurs within a Docker container that is easy to configure.

“Every IT environment is unique and has different requirements when it comes to automation of security actions,” said Michele Zambelli, CTO of DFLabs. “The IncMan SOAR open integration framework replaces the proprietary vendor orchestration model between security tools with a new open approach that puts enterprises and MSSPs in complete control of which actions they want, and don’t want, to automate for incident response.”

DFLabs’ new open integration framework is part of DFLabs’ commitment to delivering a more open, community oriented solution to automation and orchestration. Over the next several months, DFLabs will be introducing several new innovations to further its goals for increasing user, MSSP, partner and community involvement.

Additional enhancements

In addition to the open integration framework, the new version if IncMan SOAR includes an REST API that allow users to extend and integrate security automation and orchestration with other processes in new ways. DFLabs will continue to add new functionality to this REST API, to provide broader extensibility for customers and integration partners.

To enable control over which events are forwarded to the START Triage module for enrichment and to validate whether they should be converted into a security incident, IncMan SOAR now accept inputs for START Triage from any supported data ingestion methods, including syslog, email and the API.

About DFLabs IncMan SOAR

DFLabs IncMan SOAR is the platform capable of security incident lifecycle automation. Its patent pending R3 Rapid Response Runbooks use automated actions to provide workflows and execute a variety of data enrichment, notification, containment and custom actions based on decision making. This accelerates the ability of responders to assess, investigate and hunt for threats. Runbooks also collect and facilitate knowledge transfer between incident response (IR) and SOC teams.