Incident Response Management Platform

DFLabs IncMan for CSIRT is a case management platform designed for managing, storing and reporting on information gathered during digital investigative operations, with segregation of duties, incident categorization, and a knowledgebase module for defining policies and procedures. It includes advanced reporting and integration with common forensic tools to support investigators in performing incident, evidence and records management.

IncMan is an incident response management platform for preparing notes, managing forensic images with automatic upload of acquisition data, snapshots and bookmarks, and generating chain of custody reports. IncMan imports data from all of the common endpoint and forensic tools, such as FTK, EnCase, X-Ways, Tableau and ICS Solo.

IncMan for CSIRT

It is possible to ingest feeds from various third-party technologies such as SIEM events, endpoint forensics, email from ticketing systems, data from malware analyzers, and any device that can send syslog messages. Alerts are collected and escalated to be converted into incidents.

There is also an option of using web forms, made available via a web portal or intranet, that let users report incidents to the Security Operations Center or Computer Security Incident Response Team and initiate investigations. Once an incident is created in IncMan, an automated response that updates and prioritizes the different tasks can be activated and assigned to the appropriate team.


IncMan for CSIRT Benefits at a Glance


The table below highlights some of the benefits that IncMan offers to CSIRTs:

| Core CSIRT Benefits | IncMan's Solution |
|---|---|
| Security assessment and cost analysis | Assess costs, financial impact and time spent associated with an incident, including the technical and non-technical repercussions |
| Incident response case management with data segregation and role-based access | Deploy as a multi-tenant solution with granular role-based access. Business units can have their own dedicated virtual CSIRT |
| Artifact handling | Forensic evidence and artifacts can be stored in a centralized repository |
| Metrics, advanced reporting and correlation engine | Generate key metrics and customized KPI reports for supervisors and managers, including a correlation engine that correlates all relevant IOCs and artifacts between incidents |
| Forensic evidence collection | Integration with forensic duplicators, eDiscovery management, evidence management in a dedicated forensic laboratory and an extensive inventory of all forensic capabilities |
| Evidence tracking and standardized labels | Chain of custody reporting for easy tracking of evidence, including barcode labeling as well as CSIRT-standardized incident/host/evidence/clone labels |
| Knowledgebase module | IncMan includes a knowledgebase module to document playbooks, threat assessments and situational awareness, to transfer best practices from experienced to novice analysts, and to share knowledge across the CSIRT |
| Fully customizable and dynamic user interface | Customizable dashboards and widgets to view and track the status of incidents and the performance of the CSIRT |


Speak to one of our representatives to find out more.
