chat
expand_more

Enrich Security Operations Workflows with New Abnormal API Integrations

Discover how Abnormal email signals can now be ingested into popular automation tools like Splunk, Rapid7, Revelstoke, and Hunters.
February 7, 2023

It’s not uncommon for today’s security ecosystems to house dozens of security tools. In fact, nearly a third of security teams are managing more than 50. That’s not just a lot of tools–it’s a lot of data.

Security environments are complex, which is why Abnormal Security is committed to meeting our customers wherever they are in their ecosystem and helping them optimize their existing security programs with our behavioral AI security platform. To do this, the Abnormal Cloud Email Security platform integrates with a range of popular security and IT technologies. Today, we’re pleased to add four new tools to this list: Splunk SOAR, Rapid7 InsightConnect, Revelstoke, and the Hunters SOC Platform.

View Abnormal Insights Within Your SOAR or SIEM

Email security telemetry is an essential component of extended response workflows. Our customers increasingly seek to view, respond to, and report on Abnormal behavioral insights within existing security workflows managed by security incident and event management (SIEM) and security orchestration, automation, and response (SOAR) technologies. New integrations make this a reality. Leveraging a REST API, threat logs and event data from the Abnormal platform can be used to enrich downstream incident investigation, orchestration, and response workflows, improving security team visibility into email-borne threats like account takeovers, business email compromise (BEC), phishing attacks, malware detections, and vendor email compromise.

Splunk, Rapid7, Revelstoke, and Hunters are joining the Abnormal technology partner community, bolstering a lineup of integrations across SIEM, SOAR, and IT service management (ITSM). All integrations are available today for customers of Abnormal Inbound Email Security and respective technology partners.

Abnormal + Splunk SOAR

Abnormal's integration with Splunk, which is available on Splunkbase, allows users to pull data from Abnormal via an API into Splunk’s SOAR solution. This enables security operations center (SOC) teams to track Abnormal email threat detections within the context of other security events from across the business, and then execute downstream workflows across endpoint detection and response platforms, firewall, ticketing solutions, and more.

Users can access data on events populated within the Abnormal Threat Log. They can collect:

  • Lists of Email Attacks from Threat Log

  • Details Associated with Specific Threats

  • List of Abuse Mailbox IDs

  • Threat Status

The app is compatible with Splunk SOAR Cloud and SOAR On-Prem.

Splunk Screenshot

An Abnormal event visible within the Splunk SOAR user interface.

Abnormal + Rapid7 InsightConnect

The Rapid7 extension for Abnormal allows SOC teams using InsightConnect to view email activity, including remediation actions by Abnormal, within their SOAR dashboard. This data can be used in further orchestration and response motions. Customers can query the Abnormal API to manage and pull data on threats and cases from the Abnormal Threat Log. Users can filter cases by date and time, or pull a list of top cases.

For threats, users can view:

  • Severity of the Threats

  • Impacted Employee(s)

  • Sender Details

  • Attack Type and Vector

  • Remediation Details

Abnormal + Revelstoke SOAR

The Abnormal integration with Revelstoke—a SOAR platform known for its “low-code” interface—enables alerting based on Abnormal detections. As soon as a new ticket appears in Abnormal, an alert will be created within Revelstoke. The SOAR platform then allows users to manage the subsequent incident workflow.

With this integration, Revelstoke users can ingest data on:

  • Abnormal Cases

  • Identified Threats

  • Impacted Employees

Revelstoke Screenshot

An alert is created within the Revelstoke SOAR user interface following an Abnormal Security detection.

Abnormal + Hunters SOC Platform

The final new integration is with Hunters, a SOC platform and SIEM alternative designed to help monitor and respond to incidents across the enterprise’s attack surface. Hunters customers can query the Abnormal API to pull email security data into existing incident response workflows.

With this integration, users can pull:

  • Detected Email Threats

  • Sender Details

  • Attack Type and Vector

  • Remediation Details

A Connected Ecosystem via the Abnormal REST API

If you’re familiar with Abnormal, you may already know that our API-first approach makes it easier for customers to connect to and ingest data from their cloud email platforms, but it also opens up an avenue to extract data for ingestion into other technologies. Our new integrations, as with our existing integrations, are made possible by our API.


We also offer our customers the ability to leverage our REST API for custom integrations. This approach enables a level of openness and extensibility not readily available in traditional secure email gateway solutions. In today’s complex security ecosystems, that kind of extensibility is not a “nice-to-have”—it’s critical to staying ahead of threats and remaining resilient.

Interested in pairing Abnormal Security with your existing SOAR or SIEM? Contact us to schedule a demo.

Schedule a Demo
Enrich Security Operations Workflows with New Abnormal API Integrations

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Proofpoint Customer Story Blog 8
A Fortune 500 transportation and logistics leader blocked more than 6,700 attacks missed by Proofpoint and reclaimed 350 SOC hours per month by adding Abnormal to its security stack.
Read More
B Gartner MQ 2024 Announcement Blog
Abnormal Security was named a Leader in the 2024 Gartner Magic Quadrant for Email Security Platforms and positioned furthest for Completeness of Vision.
Read More
B Gift Card Scams Tricker to Spot Blog
Learn why gift card scams are becoming more difficult to identify, how cybercriminals evolve their tactics, and strategies to protect your organization.
Read More
B Offensive AI 12 16 24
Learn how AI is used in cybersecurity, what defensive AI vs. offensive AI means, and how to use defensive AI to combat offensive AI.
Read More
B Proofpoint Customer Story Blog 7
See how Abnormal's AI helped a Fortune 500 insurance provider detect 27,847 threats missed by Proofpoint and save 6,600+ hours in employee productivity.
Read More
B Cyberattack Forecast Emerging Threats Blog
Uncover the latest email threats and strategies to strengthen your cybersecurity and prepare for 2025.
Read More