New SIEM Integrations Improve Incident Response Capabilities and Streamline Workflows

Abnormal is focused on our customers, which is why we’re continually updating our product based on customer feedback. Our newest platform capabilities help customers maximize existing security investments with several integrations that will allow security operation centers (SOCs) to better respond to security events and align with internal workflows. In doing so, they can improve overall security posture and provide complete protection to their organizations and employees.

Improved Security Monitoring and Visibility

We are excited to introduce new integrations with security information and event management (SIEM) solutions, including Microsoft Azure Sentinel, Sumo Logic, and IBM QRadar. Like our existing Splunk integration, these integrations are quick to set up and can be completed in less than ten minutes. Once connected, customers can ingest Abnormal event logs derived from inbound email threats and account takeover (ATO) cases into their SIEM, which can optionally be configured for alerting and other downstream workflows.

Abnormal SIEM integrations

*Abnormal exports over 30 data fields, and additional SIEM and SOAR providers are supported.

Benefits of Integrating Abnormal with Your SIEM

These integrations extend Abnormal’s powerful detection platform to integrate with the broader security ecosystem, thereby improving security posture and enhancing detection and response capabilities. Customers can leverage their existing tools to boost analyst efficiency and ensure comprehensive security visibility and coverage, ultimately reducing the impact of security events.

Customers can also perform threat analysis by cross-correlating alerts originating from various security tools, build reporting and dashboarding systems that include Abnormal data, and enrich their centralized logs, which is useful for compliance and audit purposes. Already, our customers have seen success correlating data from endpoint security solutions such as CrowdStrike Falcon with Abnormal.

Abnormal dashboard with SIEM integrations

Functional Use Cases

There are over thirty data fields that can be exported to your preferred SIEM. Some popular use cases we’ve observed with Abnormal’s rich data include:

  1. Threat analysis. Several customers use threat data exported from Abnormal’s detection platform alongside logs generated by other security products to identify attack patterns. Additionally, security analysts can correlate different events to better understand specific attacks and drive follow-up activities, including contacting end users, updating block lists, or providing training to employees.

  2. Dashboarding and reporting. Many customers will use their SIEM as a “single pane of glass” across their security products. Based on Abnormal’s logs for email threats and account takeover (ATO) cases, customers can build executive dashboards or reports for the security team.

  3. Alerting and ticketing workflows. Abnormal customers can trigger custom email notifications or generate tickets (for example, in ServiceNow) from the SIEM to align with the SOC’s workflow.

  4. Audit and compliance. Customers with log retention requirements, especially those in regulated industries like finance or healthcare, can import all security events, including Abnormal, into their SIEM for centralized and unified storage.
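The threat-analysis use case above, and the CrowdStrike Falcon correlation mentioned earlier, come down to joining email-security events with events from another tool on a shared key (here, the user) inside a time window. The following script is an added example, not Abnormal's code and not any SIEM's query language: the event field names (`source`, `event_type`, `user`, `timestamp`, `host`) and the sample JSON-lines records are constructed for illustration and do not reflect Abnormal's actual export schema or the ATO and endpoint log formats of any vendor.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events in JSON-lines form. Field names are assumptions
# for this example, not Abnormal's or any endpoint product's real schema.
ABNORMAL_EVENTS = """
{"source": "abnormal", "event_type": "account_takeover", "user": "alice@example.com", "timestamp": "2022-05-10T14:02:11Z", "detail": "sign-in from unusual location"}
{"source": "abnormal", "event_type": "inbound_threat", "user": "bob@example.com", "timestamp": "2022-05-10T09:15:00Z", "detail": "credential phishing"}
{"source": "abnormal", "event_type": "account_takeover", "user": "carol@example.com", "timestamp": "2022-05-10T16:40:00Z", "detail": "mail forwarding rule created"}
"""

ENDPOINT_EVENTS = """
{"source": "endpoint", "event_type": "malware_detected", "user": "alice@example.com", "timestamp": "2022-05-10T14:20:45Z", "host": "LAPTOP-01"}
{"source": "endpoint", "event_type": "malware_detected", "user": "dave@example.com", "timestamp": "2022-05-10T11:00:00Z", "host": "LAPTOP-07"}
{"source": "endpoint", "event_type": "suspicious_process", "user": "carol@example.com", "timestamp": "2022-05-11T08:00:00Z", "host": "LAPTOP-03"}
"""


def parse_events(jsonl: str) -> list:
    """Parse JSON-lines text into event dicts with a parsed 'ts' datetime."""
    events = []
    for line in jsonl.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def correlate(email_events: list, endpoint_events: list,
              window: timedelta = timedelta(hours=1)) -> list:
    """Pair each email-security event with endpoint events for the same user
    that occur within `window` AFTER the email event (email first, then host
    activity). Returns one match record per qualifying pair, in the order
    the email events were supplied."""
    by_user = {}
    for ev in endpoint_events:
        by_user.setdefault(ev["user"], []).append(ev)

    matches = []
    for em in email_events:
        for ep in by_user.get(em["user"], []):
            delta = ep["ts"] - em["ts"]
            if timedelta(0) <= delta <= window:
                matches.append({
                    "user": em["user"],
                    "email_event": em["event_type"],
                    "endpoint_event": ep["event_type"],
                    "host": ep["host"],
                    "minutes_between": int(delta.total_seconds() // 60),
                })
    return matches


def triage_priority(match: dict) -> str:
    """Assign a priority for the alerting/ticketing step: an ATO case followed
    by endpoint activity is treated as higher priority than an inbound threat.
    The labels are an assumption for this example, not an Abnormal setting."""
    return "high" if match["email_event"] == "account_takeover" else "medium"


if __name__ == "__main__":
    found = correlate(parse_events(ABNORMAL_EVENTS), parse_events(ENDPOINT_EVENTS))
    for m in found:
        print(triage_priority(m), json.dumps(m))
```

With the default one-hour window only Alice's ATO case lines up with a later malware detection on her host; Carol's forwarding-rule event and the next-morning suspicious process are more than an hour apart and would only be paired if the window were widened, which is the trade-off an analyst tunes when building this kind of rule in a SIEM.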

These partner integrations represent a more significant tie-in between Abnormal and the rest of the security ecosystem. By strengthening your organization’s security posture and workflows, they let you get more leverage from the tools you already operate.

Over time, we aim to continually work with our customers so they can focus their efforts on the highest priority security events, as opposed to manual operations. These themes will guide us as we continue to expand our suite of integrations going forward.

To learn how Abnormal can improve email incident response capabilities and streamline workflows for your organization, request a demo today.
