chat
expand_more

Extend Your Security Operations with Automated Workflows

Our newest platform capabilities help customers streamline critical security workflows, like triaging phishing mailbox submissions or triggering tickets to investigate account takeovers, through automated playbooks. Doing so can decrease mean time to respond (MTTR) to incidents, further reducing any potential risk to the organization and eliminating manual workflows to save time and increase the efficiency of IT and security teams.
November 19, 2021

Abnormal is customer-focused, which is why we’re continually updating our product based on valued customer feedback. Our newest platform capabilities help customers streamline critical security workflows, like triaging phishing mailbox submissions or triggering tickets to investigate account takeovers, through automated playbooks. Doing so can decrease mean time to respond (MTTR) to incidents, further reducing any potential risk to the organization and eliminating manual workflows to save time and increase the efficiency of IT and security teams.

Improved Security Orchestration, Automation, and Response

We are excited to introduce our integration with Palo Alto Networks eXtended Security Orchestration, Automation and Response (XSOAR) solution. This integration facilitates investigation and response for email-borne threats, including phishing, malware, and ransomware attacks.

Analysts can cross-correlate with third-party threat intelligence tools or endpoint solutions to trigger investigation or remediation workflows. Our new integration enables teams to take action through Abnormal in an automated fashion by managing account takeover cases or submitting reports to Detection 360.

Xsoar dashboard

Frictionless Deployment with REST API

The Abnormal integration, built upon our sophisticated REST API, can be configured directly from the PAN XSOAR Marketplace, allowing customers to complete all configurations within minutes. From there, customers can leverage a series of documented commands to pull in Abnormal data and leverage it while building or modifying playbooks.

Logs events

XSOAR Functional Use Cases

Close to twenty commands can be used from the XSOAR interface, which collectively allows a user to pull in data identical to what is displayed in our Portal UI. A non-exhaustive list of popular use cases we’ve observed with this rich Abnormal data include:

  1. Validating and sharing IOCs for more robust protection. Customers can extract phishing and malware links to cross-reference the threat intelligence with other solutions, and then check whether the links have been clicked by end users via an endpoint solution, which could trigger a workflow for end-user follow-ups. The IOCs can be shared with endpoint, web proxy, firewall, or other tools to enhance detection capabilities on a go-forward basis.

  2. Automating Abuse Mailbox workflows. Customers will ensure that Abuse Mailbox submissions deemed safe by Abnormal are not sent to SOC analysts for review. For submissions deemed malicious, customers can check if there was other suspicious activity corresponding to that user, and send automated emails to the submitter or other employees as part of a training program.

  3. Ticketing workflows. Customers can use the SOAR to facilitate investigations and other internal processes. For example, account takeover cases detected by Abnormal can be ingested by ServiceNow to create tickets with the appropriate team members automatically assigned, eliminating the need to monitor the portal or do any manual work.

Abnormal's partner integrations provide a significant way to tie into the rest of the security ecosystem. By strengthening your organization’s security posture and workflows, these integrations enable you to gain increased leverage on existing investments in the tools you already operate while saving valuable time for your team.

Over time, we aim to continually work with our customers so they can focus their efforts on the highest priority security events, as opposed to manual operations. We will be guided by these themes as we continue to expand our integration capabilities.

Not yet an Abnormal customer? Request a demo today to learn how Abnormal can improve email incident response capabilities and streamline workflows.

Extend Your Security Operations with Automated Workflows

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Posts

B 2024 Cybersecurity Predictions
As AI becomes more prevalent in the new year, discover how our experts believe the world will change—for both good and bad.
Read More
B 11 27 23 ATO Stats
Account takeover allows threat actors to steal sign-in credentials and access an organization's network. Read some eye-popping stats about ATO cost and frequency.
Read More
B Unmasking Vendor Fraud
Learn about the techniques, tools, and technologies we use to train the models that form the backbone of our vendor fraud detection.
Read More
B ISC2
Get the latest insights from the 2023 ISC2 Cybersecurity Workforce Study, including which skills are most sought-after, how careers have changed, and how AI is affecting the industry.
Read More
B Good Bad Ugly Future of AI
Hear about positive and malicious use cases of AI and how to protect against novel threats in this recap from Chapter 3 of our Convergence of AI + Cybersecurity series.
Read More
B Cryptocurrency Donations Attack
Attackers attempt to solicit fraudulent donations via cryptocurrency transfers under the guise of collecting donations for children in Palestine.
Read More