Abnormal takes our valued customer feedback seriously, and as a result, we have enriched our SIEM export feed data. Customers now have access to detailed email security information to ingest and analyze within the SIEM solution, such as Splunk, SumoLogic, IBM QRadar, or other third-party solutions. This feature will roll out in phases, starting with a few customers today and to all within the coming weeks.
Enriched SIEM Export Feed Data to Enhance Email Security Visibility and Reporting
Integrating Abnormal with a SIEM solution provides the ability to have a single pane of glass to perform detailed threat analysis of email-borne threats, including business email compromise, phishing, malware, and ransomware attacks. In many cases, customers use Abnormal to enhance their existing threat intelligence and correlate data across multiple security technologies such as endpoint, network, and SaaS cloud applications for enhanced security visibility.
Analysts can create custom SIEM dashboards and reports to provide insights into what Abnormal observes and blocks, which is especially useful for SOC Analysts to understand email attack trends. Furthermore, the data can also be exported and stored for audit and compliance purposes.
Below are some notable examples of new data fields that can be exported into a third-party SIEM.
Enhanced account takeover (ATO) cases details, including the timeline, analysis, and any automatic remediation actions were taken, such as disabling the user account.
- Improved information sharing for more robust protection. Customers can extract account takeover, phishing, and malware links to cross-reference threat intelligence with other solutions.
- Detailed metadata on the email message threats, including sender domain name, attachment name, URL and file attachment counts.
Abnormal's enriched SIEM export data feeds provide more data for investigations, enhance existing security intelligence, especially for never-before-seen attacks, and save valuable time for security and compliance teams.
Over time, we aim to continually work with our customers to expand our integration capabilities so that they can focus on the highest priority security events, as opposed to manually hunting down and remediating email-borne threats.
Not yet an Abnormal customer? Request a demo today to learn how Abnormal can enhance your email security capabilities and provide visibility into email threats that other solutions miss.