Extend Your Security Operations with Automated Workflows

Our newest platform capabilities help customers streamline critical security workflows, like triaging phishing mailbox submissions or triggering tickets to investigate account takeovers, through automated playbooks. Doing so can decrease mean time to respond (MTTR) to incidents, further reducing any potential risk to the organization and eliminating manual workflows to save time and increase the efficiency of IT and security teams.
November 19, 2021

Abnormal is customer-focused, which is why we’re continually updating our product based on valued customer feedback. Our newest platform capabilities help customers streamline critical security workflows, like triaging phishing mailbox submissions or triggering tickets to investigate account takeovers, through automated playbooks. Doing so can decrease mean time to respond (MTTR) to incidents, further reducing any potential risk to the organization and eliminating manual workflows to save time and increase the efficiency of IT and security teams.

Improved Security Orchestration, Automation, and Response

We are excited to introduce our integration with Palo Alto Networks eXtended Security Orchestration, Automation and Response (XSOAR) solution. This integration facilitates investigation and response for email-borne threats, including phishing, malware, and ransomware attacks.

Analysts can cross-correlate with third-party threat intelligence tools or endpoint solutions to trigger investigation or remediation workflows. Our new integration enables teams to take action through Abnormal in an automated fashion by managing account takeover cases or submitting reports to Detection 360.

Xsoar dashboard

Frictionless Deployment with REST API

The Abnormal integration, built upon our sophisticated REST API, can be configured directly from the PAN XSOAR Marketplace, allowing customers to complete all configurations within minutes. From there, customers can leverage a series of documented commands to pull in Abnormal data and leverage it while building or modifying playbooks.

Logs events

XSOAR Functional Use Cases

Close to twenty commands can be used from the XSOAR interface, which collectively allows a user to pull in data identical to what is displayed in our Portal UI. A non-exhaustive list of popular use cases we’ve observed with this rich Abnormal data include:

  1. Validating and sharing IOCs for more robust protection. Customers can extract phishing and malware links to cross-reference the threat intelligence with other solutions, and then check whether the links have been clicked by end users via an endpoint solution, which could trigger a workflow for end-user follow-ups. The IOCs can be shared with endpoint, web proxy, firewall, or other tools to enhance detection capabilities on a go-forward basis.

  2. Automating Abuse Mailbox workflows. Customers will ensure that Abuse Mailbox submissions deemed safe by Abnormal are not sent to SOC analysts for review. For submissions deemed malicious, customers can check if there was other suspicious activity corresponding to that user, and send automated emails to the submitter or other employees as part of a training program.

  3. Ticketing workflows. Customers can use the SOAR to facilitate investigations and other internal processes. For example, account takeover cases detected by Abnormal can be ingested by ServiceNow to create tickets with the appropriate team members automatically assigned, eliminating the need to monitor the portal or do any manual work.

Abnormal's partner integrations provide a significant way to tie into the rest of the security ecosystem. By strengthening your organization’s security posture and workflows, these integrations enable you to gain increased leverage on existing investments in the tools you already operate while saving valuable time for your team.

Over time, we aim to continually work with our customers so they can focus their efforts on the highest priority security events, as opposed to manual operations. We will be guided by these themes as we continue to expand our integration capabilities.

Not yet an Abnormal customer? Request a demo today to learn how Abnormal can improve email incident response capabilities and streamline workflows.

Extend Your Security Operations with Automated Workflows

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Posts

BC 5 31 23 Vendor Risks
Learn the biggest risks associated with your vendor relationships and how to protect your organization from Vendor Email Compromise (VEC) attacks.
Read More
B 5 30 23 Teams
See how Abnormal's advanced security solutions protect Microsoft Teams workspace from malicious attacks and account takeovers.
Read More
Zoom BC
Discover how Abnormal protects your Zoom messages and prevents attackers from using the application to breach your business.
Read More
B 5 22 23 SOC
Discover how Abnormal simplifies detection, enhances investigation, and automates remediation, increasing threat investigation efficacy at the SOC level.
Read More
B Phishing
Knowing what to do after receiving a phishing attack is essential for preventing costly consequences. Learn how to respond to Phishing attacks.
Read More
B 5 15 23 Israel BEC
Abnormal research into an advanced Israel-based threat group puts a spotlight on the continuing rise of BEC attacks.
Read More