chat
expand_more

Extend Your Security Operations with Automated Workflows

Our newest platform capabilities help customers streamline critical security workflows, like triaging phishing mailbox submissions or triggering tickets to investigate account takeovers, through automated playbooks. Doing so can decrease mean time to respond (MTTR) to incidents, further reducing any potential risk to the organization and eliminating manual workflows to save time and increase the efficiency of IT and security teams.
November 19, 2021

Abnormal is customer-focused, which is why we’re continually updating our product based on valued customer feedback. Our newest platform capabilities help customers streamline critical security workflows, like triaging phishing mailbox submissions or triggering tickets to investigate account takeovers, through automated playbooks. Doing so can decrease mean time to respond (MTTR) to incidents, further reducing any potential risk to the organization and eliminating manual workflows to save time and increase the efficiency of IT and security teams.

Improved Security Orchestration, Automation, and Response

We are excited to introduce our integration with Palo Alto Networks eXtended Security Orchestration, Automation and Response (XSOAR) solution. This integration facilitates investigation and response for email-borne threats, including phishing, malware, and ransomware attacks.

Analysts can cross-correlate with third-party threat intelligence tools or endpoint solutions to trigger investigation or remediation workflows. Our new integration enables teams to take action through Abnormal in an automated fashion by managing account takeover cases or submitting reports to Detection 360.

Xsoar dashboard

Frictionless Deployment with REST API

The Abnormal integration, built upon our sophisticated REST API, can be configured directly from the PAN XSOAR Marketplace, allowing customers to complete all configurations within minutes. From there, customers can leverage a series of documented commands to pull in Abnormal data and leverage it while building or modifying playbooks.

Logs events

XSOAR Functional Use Cases

Close to twenty commands can be used from the XSOAR interface, which collectively allows a user to pull in data identical to what is displayed in our Portal UI. A non-exhaustive list of popular use cases we’ve observed with this rich Abnormal data include:

  1. Validating and sharing IOCs for more robust protection. Customers can extract phishing and malware links to cross-reference the threat intelligence with other solutions, and then check whether the links have been clicked by end users via an endpoint solution, which could trigger a workflow for end-user follow-ups. The IOCs can be shared with endpoint, web proxy, firewall, or other tools to enhance detection capabilities on a go-forward basis.

  2. Automating Abuse Mailbox workflows. Customers will ensure that Abuse Mailbox submissions deemed safe by Abnormal are not sent to SOC analysts for review. For submissions deemed malicious, customers can check if there was other suspicious activity corresponding to that user, and send automated emails to the submitter or other employees as part of a training program.

  3. Ticketing workflows. Customers can use the SOAR to facilitate investigations and other internal processes. For example, account takeover cases detected by Abnormal can be ingested by ServiceNow to create tickets with the appropriate team members automatically assigned, eliminating the need to monitor the portal or do any manual work.

Abnormal's partner integrations provide a significant way to tie into the rest of the security ecosystem. By strengthening your organization’s security posture and workflows, these integrations enable you to gain increased leverage on existing investments in the tools you already operate while saving valuable time for your team.

Over time, we aim to continually work with our customers so they can focus their efforts on the highest priority security events, as opposed to manual operations. We will be guided by these themes as we continue to expand our integration capabilities.

Not yet an Abnormal customer? Request a demo today to learn how Abnormal can improve email incident response capabilities and streamline workflows.

Extend Your Security Operations with Automated Workflows

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

ABN Innovate Blog 5 L1 R1
Uncover the future of AI-driven cybercrime in 2025. Our expert insights reveal how cybercriminals are leveraging AI to enhance their tactics and impact security.
Read More
B Fed Blog
Explore the role of AI in preventing nation-state email attacks, ensuring federal agencies are equipped to combat sophisticated cyber threats before they escalate.
Read More
B Crypto Grab Blog
CryptoGrab, a global cryptocurrency affiliate network, has been defrauding users of millions for more than 5 years using phishing emails and other tactics.
Read More
B Open Redirects
Explore the risks of open redirects and how they enable attackers to circumvent email security.
Read More
B Corrupted Word Doc QR Code Phishing Attack
Attackers exploit Microsoft Word’s file recovery to evade detection, using corrupted docs for QR code phishing. Learn how this tactic bypasses legacy security.
Read More
B H1 2025 Email Threat Report Blog
Explore new research on how AI is amplifying the impact of BEC and VEC attacks and learn how to defend against these evolving email security threats.
Read More