
Enrich Security Operations Workflows with New Abnormal API Integrations

Discover how Abnormal email signals can now be ingested into popular automation tools like Splunk, Rapid7, Revelstoke, and Hunters.
February 7, 2023

It’s not uncommon for today’s security ecosystems to house dozens of security tools. In fact, nearly a third of security teams are managing more than 50. That’s not just a lot of tools: it’s a lot of data, spread across consoles that rarely share context with one another.

Security environments are complex, which is why Abnormal Security is committed to meeting our customers wherever they are in their ecosystem and helping them optimize their existing security programs with our behavioral AI security platform. To do this, the Abnormal Cloud Email Security platform integrates with a range of popular security and IT technologies. Today, we’re pleased to add four new tools to this list: Splunk SOAR, Rapid7 InsightConnect, Revelstoke, and the Hunters SOC Platform.

View Abnormal Insights Within Your SOAR or SIEM

Email security telemetry is an essential component of extended response workflows. Our customers increasingly seek to view, respond to, and report on Abnormal behavioral insights within the existing security workflows managed by their security information and event management (SIEM) and security orchestration, automation, and response (SOAR) technologies. New integrations make this a reality. Using a REST API, threat logs and event data from the Abnormal platform can be pulled into downstream incident investigation, orchestration, and response workflows, improving security team visibility into email-borne threats such as account takeovers, business email compromise (BEC), phishing, malware, and vendor email compromise.

Splunk, Rapid7, Revelstoke, and Hunters are joining the Abnormal technology partner community, bolstering a lineup of integrations across SIEM, SOAR, and IT service management (ITSM). All four integrations are available today to customers of Abnormal Inbound Email Security who also use the respective partner platform.

Abnormal + Splunk SOAR

Abnormal's integration with Splunk, which is available on Splunkbase, allows users to pull data from Abnormal via the API into Splunk SOAR. This enables security operations center (SOC) teams to track Abnormal email threat detections within the context of other security events from across the business, and then execute downstream workflows across endpoint detection and response platforms, firewalls, ticketing solutions, and more.

Users can access data on events populated within the Abnormal Threat Log. They can collect:

  • Lists of Email Attacks from Threat Log

  • Details Associated with Specific Threats

  • List of Abuse Mailbox IDs

  • Threat Status

The app is compatible with Splunk SOAR Cloud and SOAR On-Prem.

Screenshot: an Abnormal event visible within the Splunk SOAR user interface.

Abnormal + Rapid7 InsightConnect

The Rapid7 extension for Abnormal allows SOC teams using InsightConnect to view email activity, including remediation actions by Abnormal, within their SOAR dashboard. This data can be used in further orchestration and response motions. Customers can query the Abnormal API to manage and pull data on threats and cases from the Abnormal Threat Log. Users can filter cases by date and time, or pull a list of top cases.

For threats, users can view:

  • Severity of the Threats

  • Impacted Employee(s)

  • Sender Details

  • Attack Type and Vector

  • Remediation Details

Abnormal + Revelstoke SOAR

The Abnormal integration with Revelstoke, a SOAR platform known for its “low-code” interface, enables alerting based on Abnormal detections. As soon as a new case appears in Abnormal, an alert is created within Revelstoke, and the SOAR platform then lets users manage the subsequent incident workflow.

With this integration, Revelstoke users can ingest data on:

  • Abnormal Cases

  • Identified Threats

  • Impacted Employees

Screenshot: an alert created within the Revelstoke SOAR user interface following an Abnormal Security detection.

Abnormal + Hunters SOC Platform

The final new integration is with Hunters, a SOC platform and SIEM alternative designed to help monitor and respond to incidents across the enterprise’s attack surface. Hunters customers can query the Abnormal API to pull email security data into existing incident response workflows.

With this integration, users can pull:

  • Detected Email Threats

  • Sender Details

  • Attack Type and Vector

  • Remediation Details

A Connected Ecosystem via the Abnormal REST API

If you’re familiar with Abnormal, you may already know that our API-first approach makes it easier for customers to connect to and ingest data from their cloud email platforms. The same API also provides an avenue to extract Abnormal data for ingestion into other technologies. Our new integrations, like our existing ones, are built on it.

We also offer our customers the ability to use the REST API for custom integrations. This approach enables a level of openness and extensibility not readily available in traditional secure email gateway solutions. In today’s complex security ecosystems, that kind of extensibility is not a “nice-to-have”; it’s critical to staying ahead of threats and remaining resilient.
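As an added illustration of the custom-integration pattern described here and in the SIEM/SOAR section above (this is example code written for this page, not Abnormal's own API client or any of the partner apps), the following Python poller pulls new threat detections from a REST endpoint, pages through results, normalizes each record into the fields the partner integrations expose (severity, impacted employees, sender, attack type and vector, remediation status), and tracks a high-water mark so a restarted poller neither re-ingests nor skips events. The `/threats` path, the `filter` and `pageNumber` query parameters, and every JSON field name are assumptions chosen for illustration and are not Abnormal's documented API; the HTTP layer is injected as a callable, and a fake backed by constructed sample data is supplied so the example runs offline.

```python
# Added example: polling an email-security REST API into a SIEM/SOAR.
# Endpoint path, query parameters and JSON field names are ASSUMED for
# illustration; they are not the vendor's documented API.
from datetime import datetime
from typing import Callable, List, Tuple

Fetch = Callable[[str, dict], dict]  # authenticated GET(path, params) -> parsed JSON


def _parse_ts(s: str) -> datetime:
    """Parse an ISO-8601 timestamp ending in 'Z' or '+00:00' into an aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def _fmt_ts(d: datetime) -> str:
    return d.isoformat().replace("+00:00", "Z")


def list_threats(fetch: Fetch, since: datetime) -> List[dict]:
    """Page through the (assumed) /threats list newer than or equal to `since`.
    Assumes the response carries `threats` plus an optional `nextPageNumber`."""
    out, page = [], 1
    while page is not None:
        body = fetch("/threats", {"filter": f"receivedTime gte {_fmt_ts(since)}",
                                  "pageNumber": page})
        out.extend(body.get("threats", []))
        page = body.get("nextPageNumber")  # None on the last page
    return out


def normalize(threat: dict) -> dict:
    """Flatten a threat record (assumed shape) into a SIEM-friendly event."""
    return {
        "event_id": threat["threatId"],
        "timestamp": threat["receivedTime"],
        "attack_type": threat.get("attackType", "unknown"),
        "attack_vector": threat.get("attackVector", "unknown"),
        "severity": threat.get("severity", "unknown"),
        "sender": threat.get("fromAddress"),
        "impacted_employees": sorted(threat.get("toAddresses", [])),
        "remediation": threat.get("remediationStatus", "none"),
        "source": "email-security",
    }


def poll(fetch: Fetch, state: dict) -> Tuple[List[dict], dict]:
    """One polling cycle. `state` persists the high-water mark and the IDs already
    delivered at that exact timestamp, because an inclusive `gte` filter returns
    those rows again on the next cycle."""
    since = _parse_ts(state.get("high_water", "1970-01-01T00:00:00Z"))
    seen = set(state.get("seen_at_mark", []))
    events, hw, hw_ids = [], since, set(seen)
    for t in list_threats(fetch, since):
        ts = _parse_ts(t["receivedTime"])
        if ts < since or (ts == since and t["threatId"] in seen):
            continue  # delivered in a previous cycle
        events.append(normalize(t))
        if ts > hw:
            hw, hw_ids = ts, {t["threatId"]}
        elif ts == hw:
            hw_ids.add(t["threatId"])
    return events, {"high_water": _fmt_ts(hw), "seen_at_mark": sorted(hw_ids)}


# Constructed sample data standing in for API responses; not real detections.
SAMPLE_THREATS = [
    {"threatId": "t-001", "receivedTime": "2023-02-01T10:00:00Z",
     "attackType": "Phishing: Credential", "attackVector": "Link", "severity": "high",
     "fromAddress": "it-helpdesk@example.net", "toAddresses": ["alice@example.com"],
     "remediationStatus": "auto-remediated"},
    {"threatId": "t-002", "receivedTime": "2023-02-01T10:05:00Z",
     "attackType": "Business Email Compromise", "attackVector": "Text", "severity": "high",
     "fromAddress": "ceo@example.org", "toAddresses": ["bob@example.com"],
     "remediationStatus": "pending"},
    {"threatId": "t-003", "receivedTime": "2023-02-01T10:05:00Z",
     "attackType": "Malware", "attackVector": "Attachment", "severity": "medium",
     "fromAddress": "invoices@example.biz",
     "toAddresses": ["carol@example.com", "bob@example.com"],
     "remediationStatus": "auto-remediated"},
]


def fake_fetch(path: str, params: dict) -> dict:
    """Stand-in for an authenticated HTTP GET; serves SAMPLE_THREATS two per page."""
    assert path == "/threats"
    since = _parse_ts(params["filter"].split(" gte ")[1])
    rows = [t for t in SAMPLE_THREATS if _parse_ts(t["receivedTime"]) >= since]
    page = params["pageNumber"]
    chunk = rows[(page - 1) * 2: page * 2]
    return {"threats": chunk, "nextPageNumber": page + 1 if page * 2 < len(rows) else None}


if __name__ == "__main__":
    first, state = poll(fake_fetch, {})      # 3 events, mark at 10:05 with t-002/t-003
    second, state = poll(fake_fetch, state)  # nothing new; mark unchanged
    print(len(first), len(second), state)
```

In production the injected `fetch` would wrap an HTTPS client that reads the API token from a secrets store rather than from code or config, and `state` would be persisted (a file or the SOAR's own key-value store) between runs; the `seen_at_mark` set matters because several detections can share one timestamp, and a poller that keeps only the timestamp either duplicates or drops them.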

Interested in pairing Abnormal Security with your existing SOAR or SIEM? Contact us to schedule a demo.

