SOC Platform Tools - Abnormal Security

SOC Platform


Abnormal Security provides a SOC platform for email on top of Microsoft & Google APIs to automate common tasks and improve the effectiveness of security operations. Automate security operations to more quickly and effectively triage, investigate and respond to attacks.


Abuse Mailbox Integration

Monitors your abuse mailbox for end-user reported emails and filters out non-malicious emails.

Triage End-User Reported Emails

Filters non-malicious emails out of the abuse mailbox, saving time and allowing your security team to address critical attacks instead of manually reviewing messages.

Automated Campaign-Based Remediation

Automatically identifies similar malicious messages, allowing entire campaigns to be removed across all users based on a single reported message.

Security Workflow Integration

Integration with your existing security stack allows for email response to be triggered based on email detection tools, SIEM alerts, or SOAR playbooks.

Flexible Remediation

Email campaigns can be automatically remediated to the Recoverable Items folder. The Recoverable Items folder is not directly visible in end users’ Outlook client, which further prevents end users from opening malicious emails after remediation. Contact your Account Manager if you would like this feature enabled.

Search and Destroy

In the Search & Destroy tool, you can search using email information such as sender, recipient, email subject, message ID, and source IP. Search & Destroy surfaces email results that match the search criteria across the entire email environment for the past 30 days. For email that Abnormal deems safe, results do not reveal detailed information beyond subject, recipient, sender, and timestamp.