Incident Response Management Platform

DFLabs IncMan for CSIRT is a case management platform for managing, storing and reporting on information gathered during digital investigative operations, with segregation of duties, incident categorization, and a knowledgebase module for defining policies and procedures. It includes advanced reporting and integration with common forensic tools to support investigators in performing incident, evidence and records management.

IncMan is an incident response management platform for preparing notes, managing forensic images with automatic upload of acquisition data, snapshots and bookmarks, and generating chain of custody reports. IncMan imports data from all of the common endpoint and forensic tools, such as FTK, EnCase, X-Ways, Tableau and ICS Solo.

IncMan for CSIRT

IncMan can ingest feeds from various third-party technologies, such as SIEM events, endpoint forensics, email from ticketing systems and data from malware analyzers, and from all devices that can send syslog messages. Alerts are collected and escalated to be converted into incidents.

Web forms can also be made available via a web portal or intranet so that users can report incidents to the Security Operation Center or Computer Security IR Team to initiate investigations. Once an incident is created in IncMan, an automated response to update and prioritize different tasks can be activated and assigned to the appropriate team.



IncMan for CSIRT Benefits at a Glance


The table below highlights some of the benefits that IncMan offers to CSIRTs:

| Core CSIRT Benefits | IncMan's Solution |
| --- | --- |
| Security assessment and cost analysis | Assess costs, financial impact and time spent associated with an incident, including the technical and non-technical repercussions |
| Incident response case management with data segregation and role-based access | Deploy as a multi-tenant solution with granular role-based access. Business units can have their own dedicated virtual CSIRT |
| Artifact handling | Forensic evidence and artifacts can be stored in a centralized repository |
| Metrics, advanced reporting and correlation engine | Generate key metrics and customized KPI reports for supervisors and managers, including a correlation engine that correlates all relevant IOCs and artifacts between incidents |
| Forensic evidence collection | Integration with forensic duplicators, eDiscovery management, evidence management in a dedicated forensic laboratory and an extensive inventory of all forensics capabilities |
| Evidence tracking and standardized labels | Chain of custody reporting for easy tracking of evidence, including barcode labeling as well as the CSIRT's standardized incident/host/evidence/clone labels |
| Knowledgebase module | IncMan includes a knowledgebase module to document playbooks, threat assessment and situational awareness, to transfer best practices from experienced to novice analysts, and to share knowledge across the CSIRT |
| Fully customizable and dynamic user interface | Customizable dashboards and widgets to view and track the status of incidents and the performance of the CSIRT |


