What’s New: Week of Apr 26 – 30 – New Developer Tools and Expanded Link Crawling

  • New Developer Tools: Mock Data: Abnormal has introduced the ability for developers to get mock data from all REST API endpoints. This functionality will make it easier for developers to test and verify workflows before building them out. 

The “mock data” string-type header parameter can be specified as True or False (default is False) for any API call. If the mock data parameter is set to True, Abnormal returns a JSON object with synthetic data in the same format as expected for the given endpoint’s response.

This ability to easily access test data will enhance the developer experience by making it simpler to test workflows and debug in a lightweight way.

No action is required to take advantage of this functionality outside of specifying the “mock-data” parameter in future calls.

For more information, please visit our Abnormal Security Client API documentation.

  • New Expanded Link Crawling Policy: Abnormal has expanded our link crawling policies to better protect against hard-to-detect attacks.

First, we are crawling uncommon domains from rare senders. These two signals are defined as follows:

  • Uncommon Domains: We utilize several open source intelligence tools (e.g. Alexa’s Top 1M Domains) that track the most common domains seen across the Internet. We consider domains not included in these lists as uncommon and a signal that the domain can be leveraged for malicious use.
  • Rare Senders: Using our behavioral signals, we determine if the sender is someone who is rarely seen within your environment. 

If a link is found to be uncommon in an email sent from someone rarely seen in a customer’s environment, we intend to crawl this link and perform in-depth analysis on the result.

Second, we are also expanding our link crawling policy to crawl links that have file extensions within their path (e.g. [url pattern].[file extension]).

As Abnormal has improved our phishing and malware detection capabilities, we have observed an increasing number of advanced malware and phishing attacks obfuscating malicious content behind links leading to unknown websites. In order for us to detect these attacks and detect malicious intent, we have to crawl these links to analyze the landing page or malicious file.

As we increase this link crawling policy, we have also increased safeguards to prevent our systems from crawling one-time click links (such as event and calendar invites, or subscription links) in customers’ environments.
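A minimal sketch of the crawl-selection rules described above, as an added example that is not Abnormal's implementation. The domain list, the rare-sender threshold, the one-time-click markers, and the choice to apply the safeguard before the other rules are all assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed stand-in for a popular-domain list (e.g. a top-1M ranking).
COMMON_DOMAINS = {"google.com", "microsoft.com", "github.com"}
# Assumption: a sender with fewer prior messages than this counts as "rare".
RARE_SENDER_MAX_PRIOR = 3
# Assumption: substrings that suggest a one-time-click link (invites, subscriptions).
ONE_TIME_MARKERS = ("unsubscribe", "rsvp", "confirm", "optout")

def registered_domain(host):
    # Naive last-two-labels rule; production code would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def has_file_extension(path):
    # Only the final path segment is inspected, so "/v1.2/page" does not match.
    stem, ext = posixpath.splitext(posixpath.basename(path))
    return bool(stem) and 1 < len(ext) <= 6 and ext[1:].isalnum()

def is_one_time_click(parts):
    haystack = (parts.path + "?" + parts.query).lower()
    return any(marker in haystack for marker in ONE_TIME_MARKERS)

def crawl_decision(url, sender, prior_counts):
    """Return (should_crawl, reason) for one link found in one email.

    prior_counts maps sender address -> number of earlier messages seen
    from that sender in the environment (hypothetical behavioral signal).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return (False, "not-a-web-link")
    # Safeguard first: never fetch links where the visit itself is an action.
    if is_one_time_click(parts):
        return (False, "one-time-click")
    if has_file_extension(parts.path):
        return (True, "file-extension")
    uncommon = registered_domain(parts.hostname) not in COMMON_DOMAINS
    rare = prior_counts.get(sender.lower(), 0) < RARE_SENDER_MAX_PRIOR
    if uncommon and rare:
        return (True, "uncommon-domain-rare-sender")
    return (False, "no-rule-matched")
```

Evaluating the safeguard before the file-extension rule means a link such as `/unsubscribe.php` is skipped even though it matches the extension pattern.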
