DFLabs, the award-winning Security Orchestration, Automation and Response (SOAR) vendor, announced a new version of the IncMan SOAR platform that provides an open integration framework for customizing and adding new automated integrations between security tools and IncMan SOAR, without the need for complex coding. This capability enables security teams to easily add and orchestrate new functions between IncMan SOAR and third-party products in order to address unique requirements and workflows.
Organizations can now easily extend the existing IncMan SOAR product integrations with new functions they require. For example, an enterprise using a vulnerability assessment tool may want to exclude a legacy application from being scanned due to concerns it may cause unexpected failures. A specific action, which would prevent custom scans of the application from automatically being initiated through an IncMan Runbook, can be added in just minutes.
For complete flexibility, IncMan SOAR defines all integrations at the action level, not as one monolithic file. This allows users to easily add actions to existing integrations without the need to modify existing code and enables portability and sharing at the action level. To provide additional security and eliminate the risk of conflicting libraries, execution of each integration occurs within a unique Docker container that is easy to configure.
“Every IT environment is unique and has different requirements when it comes to automation of security actions,” said Michele Zambelli, CTO of DFLabs. “The IncMan SOAR open integration framework replaces the proprietary vendor orchestration model between security tools with a new open approach that puts enterprises and MSSPs in complete control of which actions they want, and don’t want, to automate for incident response.”
DFLabs’ new open integration framework is part of DFLabs’ commitment to delivering a more open, community-oriented solution to automation and orchestration. Over the next several months, DFLabs will be introducing several new innovations to further its goals for increasing user, MSSP, partner and community involvement.
In addition to the open integration framework, the new version of IncMan SOAR includes an enhanced REST API that allows users to extend and integrate security automation and orchestration with other processes in new and exciting ways. DFLabs will continue to add new functionality to this REST API to provide broader extensibility for customers and integration partners.
To enable granular control over which events are forwarded to the START Triage module for enrichment and to validate whether they should be converted directly into a security incident, IncMan SOAR now accepts inputs for START Triage from any supported data ingestion method, including syslog, email and the API.
DFLabs IncMan SOAR version 4.5 with the open integration framework is available immediately from DFLabs and its business partners worldwide.