Enrich Security Operations Workflows with New Abnormal API Integrations

Discover how Abnormal email signals can now be ingested into popular automation tools like Splunk, Rapid7, Revelstoke, and Hunters.
February 7, 2023

It’s not uncommon for today’s security ecosystems to house dozens of security tools. In fact, nearly a third of security teams are managing more than 50. That’s not just a lot of tools–it’s a lot of data.

Security environments are complex, which is why Abnormal Security is committed to meeting our customers wherever they are in their ecosystem and helping them optimize their existing security programs with our behavioral AI security platform. To do this, the Abnormal Cloud Email Security platform integrates with a range of popular security and IT technologies. Today, we’re pleased to add four new tools to this list: Splunk SOAR, Rapid7 InsightConnect, Revelstoke, and the Hunters SOC Platform.

View Abnormal Insights Within Your SOAR or SIEM

Email security telemetry is an essential component of extended response workflows. Our customers increasingly seek to view, respond to, and report on Abnormal behavioral insights within existing security workflows managed by security incident and event management (SIEM) and security orchestration, automation, and response (SOAR) technologies. New integrations make this a reality. Leveraging a REST API, threat logs and event data from the Abnormal platform can be used to enrich downstream incident investigation, orchestration, and response workflows, improving security team visibility into email-borne threats like account takeovers, business email compromise (BEC), phishing attacks, malware detections, and vendor email compromise.

Splunk, Rapid7, Revelstoke, and Hunters are joining the Abnormal technology partner community, bolstering a lineup of integrations across SIEM, SOAR, and IT service management (ITSM). All integrations are available today for customers of Abnormal Inbound Email Security and respective technology partners.

Abnormal + Splunk SOAR

Abnormal's integration with Splunk, which is available on Splunkbase, allows users to pull data from Abnormal via an API into Splunk’s SOAR solution. This enables security operations center (SOC) teams to track Abnormal email threat detections within the context of other security events from across the business, and then execute downstream workflows across endpoint detection and response platforms, firewall, ticketing solutions, and more.

Users can access data on events populated within the Abnormal Threat Log. They can collect:

  • Lists of Email Attacks from Threat Log

  • Details Associated with Specific Threats

  • List of Abuse Mailbox IDs

  • Threat Status

The app is compatible with Splunk SOAR Cloud and SOAR On-Prem.

Splunk Screenshot

An Abnormal event visible within the Splunk SOAR user interface.

Abnormal + Rapid7 InsightConnect

The Rapid7 extension for Abnormal allows SOC teams using InsightConnect to view email activity, including remediation actions by Abnormal, within their SOAR dashboard. This data can be used in further orchestration and response motions. Customers can query the Abnormal API to manage and pull data on threats and cases from the Abnormal Threat Log. Users can filter cases by date and time, or pull a list of top cases.

For threats, users can view:

  • Severity of the Threats

  • Impacted Employee(s)

  • Sender Details

  • Attack Type and Vector

  • Remediation Details

Abnormal + Revelstoke SOAR

The Abnormal integration with Revelstoke—a SOAR platform known for its “low-code” interface—enables alerting based on Abnormal detections. As soon as a new ticket appears in Abnormal, an alert will be created within Revelstoke. The SOAR platform then allows users to manage the subsequent incident workflow.

With this integration, Revelstoke users can ingest data on:

  • Abnormal Cases

  • Identified Threats

  • Impacted Employees

Revelstoke Screenshot

An alert is created within the Revelstoke SOAR user interface following an Abnormal Security detection.

Abnormal + Hunters SOC Platform

The final new integration is with Hunters, a SOC platform and SIEM alternative designed to help monitor and respond to incidents across the enterprise’s attack surface. Hunters customers can query the Abnormal API to pull email security data into existing incident response workflows.

With this integration, users can pull:

  • Detected Email Threats

  • Sender Details

  • Attack Type and Vector

  • Remediation Details

A Connected Ecosystem via the Abnormal REST API

If you’re familiar with Abnormal, you may already know that our API-first approach makes it easier for customers to connect to and ingest data from their cloud email platforms, but it also opens up an avenue to extract data for ingestion into other technologies. Our new integrations, as with our existing integrations, are made possible by our API.

We also offer our customers the ability to leverage our REST API for custom integrations. This approach enables a level of openness and extensibility not readily available in traditional secure email gateway solutions. In today’s complex security ecosystems, that kind of extensibility is not a “nice-to-have”—it’s critical to staying ahead of threats and remaining resilient.

Interested in pairing Abnormal Security with your existing SOAR or SIEM? Contact us to schedule a demo.

Schedule a Demo
Enrich Security Operations Workflows with New Abnormal API Integrations

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Posts

B Complex Case of Account Compromise Blog
Discover how Abnormal helped one organization detect the sophisticated tactics an attacker used to compromise an employee's email account.
Read More
B Cross Platform Account Takeover
Discover the dangers of cross-platform account takeover, the challenges of detecting this attack, and how to implement proactive protection against ATO.
Read More
B 5 17 24 Legal
Learn how cybercriminals use superficial disclaimers to deceive others while facilitating illegal activity on cybercrime forums.
Read More
B Cybersecurity Influencers Blog 2024
Stay up to date on the latest cybersecurity trends, industry news, and best practices by following these 15 innovative and influential thought leaders on social media.
Read More
B 5 13 24 Docusign
Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing and business email compromise (BEC) scams.
Read More
Abnormal employees honored as CRN 2024 Women of the Channel for their influential leadership in the tech industry.
Read More