Enrich Security Operations Workflows with New Abnormal API Integrations
It’s not uncommon for today’s security ecosystems to house dozens of security tools. In fact, nearly a third of security teams are managing more than 50. That’s not just a lot of tools–it’s a lot of data.
Security environments are complex, which is why Abnormal Security is committed to meeting our customers wherever they are in their ecosystem and helping them optimize their existing security programs with our behavioral AI security platform. To do this, the Abnormal Cloud Email Security platform integrates with a range of popular security and IT technologies. Today, we’re pleased to add four new tools to this list: Splunk SOAR, Rapid7 InsightConnect, Revelstoke, and the Hunters SOC Platform.
View Abnormal Insights Within Your SOAR or SIEM
Email security telemetry is an essential component of extended response workflows. Our customers increasingly seek to view, respond to, and report on Abnormal behavioral insights within existing security workflows managed by security incident and event management (SIEM) and security orchestration, automation, and response (SOAR) technologies. New integrations make this a reality. Leveraging a REST API, threat logs and event data from the Abnormal platform can be used to enrich downstream incident investigation, orchestration, and response workflows, improving security team visibility into email-borne threats like account takeovers, business email compromise (BEC), phishing attacks, malware detections, and vendor email compromise.
Splunk, Rapid7, Revelstoke, and Hunters are joining the Abnormal technology partner community, bolstering a lineup of integrations across SIEM, SOAR, and IT service management (ITSM). All integrations are available today for customers of Abnormal Inbound Email Security and respective technology partners.
Abnormal + Splunk SOAR
Abnormal's integration with Splunk, which is available on Splunkbase, allows users to pull data from Abnormal via an API into Splunk’s SOAR solution. This enables security operations center (SOC) teams to track Abnormal email threat detections within the context of other security events from across the business, and then execute downstream workflows across endpoint detection and response platforms, firewall, ticketing solutions, and more.
Users can access data on events populated within the Abnormal Threat Log. They can collect:
Lists of Email Attacks from Threat Log
Details Associated with Specific Threats
List of Abuse Mailbox IDs
The app is compatible with Splunk SOAR Cloud and SOAR On-Prem.
Abnormal + Rapid7 InsightConnect
The Rapid7 extension for Abnormal allows SOC teams using InsightConnect to view email activity, including remediation actions by Abnormal, within their SOAR dashboard. This data can be used in further orchestration and response motions. Customers can query the Abnormal API to manage and pull data on threats and cases from the Abnormal Threat Log. Users can filter cases by date and time, or pull a list of top cases.
For threats, users can view:
Severity of the Threats
Attack Type and Vector
Abnormal + Revelstoke SOAR
The Abnormal integration with Revelstoke—a SOAR platform known for its “low-code” interface—enables alerting based on Abnormal detections. As soon as a new ticket appears in Abnormal, an alert will be created within Revelstoke. The SOAR platform then allows users to manage the subsequent incident workflow.
With this integration, Revelstoke users can ingest data on:
Abnormal + Hunters SOC Platform
The final new integration is with Hunters, a SOC platform and SIEM alternative designed to help monitor and respond to incidents across the enterprise’s attack surface. Hunters customers can query the Abnormal API to pull email security data into existing incident response workflows.
With this integration, users can pull:
Detected Email Threats
Attack Type and Vector
A Connected Ecosystem via the Abnormal REST API
If you’re familiar with Abnormal, you may already know that our API-first approach makes it easier for customers to connect to and ingest data from their cloud email platforms, but it also opens up an avenue to extract data for ingestion into other technologies. Our new integrations, as with our existing integrations, are made possible by our API.
We also offer our customers the ability to leverage our REST API for custom integrations. This approach enables a level of openness and extensibility not readily available in traditional secure email gateway solutions. In today’s complex security ecosystems, that kind of extensibility is not a “nice-to-have”—it’s critical to staying ahead of threats and remaining resilient.
Interested in pairing Abnormal Security with your existing SOAR or SIEM? Contact us to schedule a demo.