Incident Response Automation

Comprehensive Incident Response Automation

Abnormal Security provides a SOC platform for email on top of Microsoft & Google APIs to automate common tasks and correlate events to identify and surface incidents to security operations teams.


Respond to Compromised Accounts

Account compromise detection capabilities give SecOps valuable time to initiate Office 365 password resets, trigger SSO password resets, revoke active sign-in sessions, disable and enable accounts, and create service tickets.

Abuse Mailbox (Employee Reported Attacks)

Manage and analyze suspicious emails reported by employees in a central repository, and take action on those emails by remediating them or moving them to a folder.

Bulk Remediation Across Tenant

Based on a single malicious email, automatically uncover similar malicious emails and bulk remediate them across all users' mailboxes with a single click.

Security Workflow Integrations

Seamless API integration with your existing security stack allows email response to be triggered by email detection tools, SIEM alerts, or SOAR playbooks.

Search and Respond

In the Search & Respond tool, you can search using email information such as sender, recipient, email subject, message ID, and source IP. Search & Respond will surface email results that match the search criteria across the entire email environment for the past 30 days. Email that is deemed safe by Abnormal will not reveal detailed information beyond subject, recipient, sender, and timestamp.

VIP Notifications

Abnormal provides the ability to send email notifications to the SOC team when an email attack campaign involves VIP recipients. Benefit from added visibility and control with proactive alerting for high-risk individuals.