Extend Your Security Operations with Automated Workflows

Abnormal is customer-focused, which is why we’re continually updating our product based on valued customer feedback. Our newest platform capabilities help customers streamline critical security workflows, like triaging phishing mailbox submissions or triggering tickets to investigate account takeovers, through automated playbooks. Doing so can decrease mean time to respond (MTTR) to incidents, further reducing any potential risk to the organization and eliminating manual workflows to save time and increase the efficiency of IT and security teams.

Improved Security Orchestration, Automation, and Response

We are excited to introduce our integration with Palo Alto Networks eXtended Security Orchestration, Automation and Response (XSOAR) solution. This integration facilitates investigation and response for email-borne threats, including phishing, malware, and ransomware attacks.

Analysts can cross-correlate with third-party threat intelligence tools or endpoint solutions to trigger investigation or remediation workflows. Our new integration enables teams to take action through Abnormal in an automated fashion by managing account takeover cases or submitting reports to Detection 360.


Frictionless Deployment with REST API

The Abnormal integration, built upon our sophisticated REST API, can be configured directly from the PAN XSOAR Marketplace, allowing customers to complete all configurations within minutes. From there, customers can use a series of documented commands to pull in Abnormal data and apply it while building or modifying playbooks.


XSOAR Functional Use Cases

Close to twenty commands can be used from the XSOAR interface, which collectively allow a user to pull in data identical to what is displayed in our Portal UI. A non-exhaustive list of popular use cases we’ve observed with this rich Abnormal data includes:

  1. Validating and sharing IOCs for more robust protection. Customers can extract phishing and malware links to cross-reference the threat intelligence with other solutions, and then check whether the links have been clicked by end users via an endpoint solution, which could trigger a workflow for end-user follow-ups. The IOCs can be shared with endpoint, web proxy, firewall, or other tools to enhance detection capabilities on a go-forward basis.

  2. Automating Abuse Mailbox workflows. Customers will ensure that Abuse Mailbox submissions deemed safe by Abnormal are not sent to SOC analysts for review. For submissions deemed malicious, customers can check if there was other suspicious activity corresponding to that user, and send automated emails to the submitter or other employees as part of a training program.

  3. Ticketing workflows. Customers can use the SOAR to facilitate investigations and other internal processes. For example, account takeover cases detected by Abnormal can be ingested by ServiceNow to create tickets with the appropriate team members automatically assigned, eliminating the need to monitor the portal or do any manual work.

Abnormal's partner integrations provide a significant way to tie into the rest of the security ecosystem. By strengthening your organization’s security posture and workflows, these integrations enable you to gain increased leverage on existing investments in the tools you already operate while saving valuable time for your team.

Over time, we aim to continually work with our customers so they can focus their efforts on the highest priority security events, as opposed to manual operations. We will be guided by these themes as we continue to expand our integration capabilities.

Not yet an Abnormal customer? Request a demo today to learn how Abnormal can improve email incident response capabilities and streamline workflows.

