chat
expand_more

Enhance Your Email Security Visibility Within Your SIEM

Learn about Abnormal’s enhanced SIEM export schema, which provides centralized visibility into email threats
December 3, 2021

Abnormal takes our valued customer feedback seriously, and as a result, we have enriched our SIEM export feed data. Customers now have access to detailed email security information to ingest and analyze within the SIEM solution, such as Splunk, SumoLogic, IBM QRadar, or other third-party solutions. This feature will roll out in phases, starting with a few customers today and to all within the coming weeks.

Enriched SIEM Export Feed Data to Enhance Email Security Visibility and Reporting

Integrating Abnormal with a SIEM solution provides the ability to have a single pane of glass to perform detailed threat analysis of email-borne threats, including business email compromise, phishing, malware, and ransomware attacks. In many cases, customers use Abnormal to enhance their existing threat intelligence and correlate data across multiple security technologies such as endpoint, network, and SaaS cloud applications for enhanced security visibility.

Analysts can create custom SIEM dashboards and reports to provide insights into what Abnormal observes and blocks, which is especially useful for SOC Analysts to understand email attack trends. Furthermore, the data can also be exported and stored for audit and compliance purposes.

SIEM dashboard integration showing attack trends

Below are some notable examples of new data fields that can be exported into a third-party SIEM.

  • Enhanced account takeover (ATO) cases details, including the timeline, analysis, and any automatic remediation actions were taken, such as disabling the user account.

Account takeover case details with timeline and remediation status
  • Improved information sharing for more robust protection. Customers can extract account takeover, phishing, and malware links to cross-reference threat intelligence with other solutions.
Information sharing across different attack types
  • Detailed metadata on the email message threats, including sender domain name, attachment name, URL and file attachment counts.

Abnormal's enriched SIEM export data feeds provide more data for investigations, enhance existing security intelligence, especially for never-before-seen attacks, and save valuable time for security and compliance teams.

Over time, we aim to continually work with our customers to expand our integration capabilities so that they can focus on the highest priority security events, as opposed to manually hunting down and remediating email-borne threats.


Not yet an Abnormal customer? Request a demo today to learn how Abnormal can enhance your email security capabilities and provide visibility into email threats that other solutions miss.

Enhance Your Email Security Visibility Within Your SIEM

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B 1500x1500 MKT468a Open Graph Images for Phishing Subjects Blog
Discover the most engaging phishing email subjects, according to Abnormal data, and how to protect your organization from these scams.
Read More
B Threat Report BEC VEC Blog
Our H1 2024 Email Threat Report revealed significant year-over-year increases in both business email compromise and vendor email compromise. Learn more.
Read More
B 2 7 24 Product Update
Abnormal product enhancements improve detection efficacy, reporting on QR code attacks, productivity, and protection from account takeover.
Read More
B 1500x1500 Quishing Stats Blog 02 05 24
Today we released our H1 2024 Email Threat Report, which examines the threat landscape and dives into the latest evolution in phishing: QR code attacks.
Read More
B 1 30 23 Microsoft ATO
A recent nation-state actor attack by the Russian-backed threat group Midnight Blizzard infiltrated Microsoft. Discover how Abnormal can protect you from account takeovers in real time.
Read More
B Look alike Domain Tactics
Learn 6 common look-alike domain tactics, some of the ways attackers use look-alike domains, and steps you can take to reduce your risk.
Read More