Enrich Security Operations Workflows with New Abnormal API Integrations

Discover how Abnormal email signals can now be ingested into popular automation tools like Splunk, Rapid7, Revelstoke, and Hunters.
February 7, 2023

It’s not uncommon for today’s security ecosystems to house dozens of security tools. In fact, nearly a third of security teams are managing more than 50. That’s not just a lot of tools–it’s a lot of data.

Security environments are complex, which is why Abnormal Security is committed to meeting our customers wherever they are in their ecosystem and helping them optimize their existing security programs with our behavioral AI security platform. To do this, the Abnormal Cloud Email Security platform integrates with a range of popular security and IT technologies. Today, we’re pleased to add four new tools to this list: Splunk SOAR, Rapid7 InsightConnect, Revelstoke, and the Hunters SOC Platform.

View Abnormal Insights Within Your SOAR or SIEM

Email security telemetry is an essential component of extended response workflows. Our customers increasingly seek to view, respond to, and report on Abnormal behavioral insights within existing security workflows managed by security information and event management (SIEM) and security orchestration, automation, and response (SOAR) technologies. New integrations make this a reality. Leveraging a REST API, threat logs and event data from the Abnormal platform can be used to enrich downstream incident investigation, orchestration, and response workflows, improving security team visibility into email-borne threats like account takeovers, business email compromise (BEC), phishing attacks, malware detections, and vendor email compromise.

Splunk, Rapid7, Revelstoke, and Hunters are joining the Abnormal technology partner community, bolstering a lineup of integrations across SIEM, SOAR, and IT service management (ITSM). All integrations are available today for customers of Abnormal Inbound Email Security and respective technology partners.

Abnormal + Splunk SOAR

Abnormal's integration with Splunk, which is available on Splunkbase, allows users to pull data from Abnormal via an API into Splunk’s SOAR solution. This enables security operations center (SOC) teams to track Abnormal email threat detections within the context of other security events from across the business, and then execute downstream workflows across endpoint detection and response platforms, firewall, ticketing solutions, and more.

Users can access data on events populated within the Abnormal Threat Log. They can collect:

  • Lists of Email Attacks from Threat Log

  • Details Associated with Specific Threats

  • List of Abuse Mailbox IDs

  • Threat Status

The app is compatible with Splunk SOAR Cloud and SOAR On-Prem.

[Screenshot: An Abnormal event visible within the Splunk SOAR user interface.]

Abnormal + Rapid7 InsightConnect

The Rapid7 extension for Abnormal allows SOC teams using InsightConnect to view email activity, including remediation actions by Abnormal, within their SOAR dashboard. This data can be used in further orchestration and response motions. Customers can query the Abnormal API to manage and pull data on threats and cases from the Abnormal Threat Log. Users can filter cases by date and time, or pull a list of top cases.

For threats, users can view:

  • Severity of the Threats

  • Impacted Employee(s)

  • Sender Details

  • Attack Type and Vector

  • Remediation Details

Abnormal + Revelstoke SOAR

The Abnormal integration with Revelstoke—a SOAR platform known for its “low-code” interface—enables alerting based on Abnormal detections. As soon as a new ticket appears in Abnormal, an alert will be created within Revelstoke. The SOAR platform then allows users to manage the subsequent incident workflow.

With this integration, Revelstoke users can ingest data on:

  • Abnormal Cases

  • Identified Threats

  • Impacted Employees

[Screenshot: An alert is created within the Revelstoke SOAR user interface following an Abnormal Security detection.]

Abnormal + Hunters SOC Platform

The final new integration is with Hunters, a SOC platform and SIEM alternative designed to help monitor and respond to incidents across the enterprise’s attack surface. Hunters customers can query the Abnormal API to pull email security data into existing incident response workflows.

With this integration, users can pull:

  • Detected Email Threats

  • Sender Details

  • Attack Type and Vector

  • Remediation Details

A Connected Ecosystem via the Abnormal REST API

If you’re familiar with Abnormal, you may already know that our API-first approach makes it easier for customers to connect to and ingest data from their cloud email platforms, but it also opens up an avenue to extract data for ingestion into other technologies. Our new integrations, as with our existing integrations, are made possible by our API.

We also offer our customers the ability to leverage our REST API for custom integrations. This approach enables a level of openness and extensibility not readily available in traditional secure email gateway solutions. In today’s complex security ecosystems, that kind of extensibility is not a “nice-to-have”—it’s critical to staying ahead of threats and remaining resilient.

Interested in pairing Abnormal Security with your existing SOAR or SIEM? Contact us to schedule a demo.
