Abnormal is customer-focused, which is why we’re continually updating our product based on valued customer feedback. Our newest platform capabilities help customers streamline critical security workflows, like triaging phishing mailbox submissions or triggering tickets to investigate account takeovers, through automated playbooks. Doing so can decrease mean time to respond (MTTR) to incidents, further reducing any potential risk to the organization and eliminating manual workflows to save time and increase the efficiency of IT and security teams.
Improved Security Orchestration, Automation, and Response
We are excited to introduce our integration with Palo Alto Networks eXtended Security Orchestration, Automation and Response (XSOAR) solution. This integration facilitates investigation and response for email-borne threats, including phishing, malware, and ransomware attacks.
Analysts can cross-correlate with third-party threat intelligence tools or endpoint solutions to trigger investigation or remediation workflows. Our new integration enables teams to take action through Abnormal in an automated fashion by managing account takeover cases or submitting reports to Detection 360.
Frictionless Deployment with REST API
The Abnormal integration, built upon our sophisticated REST API, can be configured directly from the PAN XSOAR Marketplace, allowing customers to complete all configurations within minutes. From there, customers can leverage a series of documented commands to pull in Abnormal data and leverage it while building or modifying playbooks.
XSOAR Functional Use Cases
Close to twenty commands can be used from the XSOAR interface, which collectively allows a user to pull in data identical to what is displayed in our Portal UI. A non-exhaustive list of popular use cases we’ve observed with this rich Abnormal data include:
Validating and sharing IOCs for more robust protection. Customers can extract phishing and malware links to cross-reference the threat intelligence with other solutions, and then check whether the links have been clicked by end users via an endpoint solution, which could trigger a workflow for end-user follow-ups. The IOCs can be shared with endpoint, web proxy, firewall, or other tools to enhance detection capabilities on a go-forward basis.
Automating Abuse Mailbox workflows. Customers will ensure that Abuse Mailbox submissions deemed safe by Abnormal are not sent to SOC analysts for review. For submissions deemed malicious, customers can check if there was other suspicious activity corresponding to that user, and send automated emails to the submitter or other employees as part of a training program.
Ticketing workflows. Customers can use the SOAR to facilitate investigations and other internal processes. For example, account takeover cases detected by Abnormal can be ingested by ServiceNow to create tickets with the appropriate team members automatically assigned, eliminating the need to monitor the portal or do any manual work.
Abnormal's partner integrations provide a significant way to tie into the rest of the security ecosystem. By strengthening your organization’s security posture and workflows, these integrations enable you to gain increased leverage on existing investments in the tools you already operate while saving valuable time for your team.
Over time, we aim to continually work with our customers so they can focus their efforts on the highest priority security events, as opposed to manual operations. We will be guided by these themes as we continue to expand our integration capabilities.
Not yet an Abnormal customer? Request a demo today to learn how Abnormal can improve email incident response capabilities and streamline workflows.