Product FAQ: Abuse Mailbox
Abuse Mailbox
Abnormal’s Abuse Mailbox automatically monitors and manages customer user-reported phishing mailbox. Without Abuse Mailbox, a security analyst would triage, investigate, and remediate all user reported emails. This process can be extremely manual and time consuming. Abnormal automates this process by:
- Pulling all user reported emails in one place
- Automatically providing email judgement via Abnormal’s signal detection capabilities
- Collecting the entire email attack campaign, and
- Automatically remediate email campaigns that are deemed malicious
Abuse Mailbox Log
From the Abuse Mailbox Log, analysts can view the quantitative highlights:
- Total Submissions
- Submission Breakdown (Malicious, Safe, Spam)
- Abuse Reports Remediated (Campaigns, Messages)
- If the customer has Proofpoint TAP, Abnormal offers an integration to display the number of TAP alerts received and processed by Abnormal
As well as high-level report details including:
- Subject
- Last Reporter
- From
- Recipient(s)
- Received
- Last Reported Date
- Abnormal Judgement (Malicious, Safe)
- Overall Status (Auto-Remediated, No Action Needed)
Phishing Report Details
Within the report, analysts can view:
- Email Summary
- Email Body
- Email Headers
Additionally, Abnormal will group together all similar emails found by Abnormal across your email tenant.
Remediation Options
All malicious emails are auto-remediated to save analysts time and are either moved to a deleted folder, or permanently deleted. Analysts have the option to change the judgements assessed by Abnormal’s signal detection and mark them safe (or vice versa and mark them malicious if deemed safe by Abnormal).
Dashboards and Reporting
Abuse Mailbox has numerous dashboards and reporting options to improve visibility into key metrics and activity across the organization. Analysts can get a roll-up of reported phishing emails with a breakdown by judgement – Malicious, Safe and Spam. Additionally, Abnormal provides downloadable PDF and CSV reports with custom date ranges, especially useful for an executive audience.
Abuse Mailbox Remediation Metrics
View remediation trends by attack types and as well as the total number of emails, campaigns and Proofpoint TAP-reported emails remediated by Abnormal over the selected time period.
Total Reporters
We’ve made it easier to understand who are the top employees in your organization that reported messages to Abuse Mailbox over the selected time period. Analysts can view the types of messages they’re reporting as well as toggle between ‘All Reports’ or ‘Malicious Reports Only’.
Integrated Phishing Reporting Buttons
For organizations that have an existing end-user phishing report workflow, Abuse Mailbox integrates with Cofense/PhishMe and KnowBe4 buttons, as well as the native Microsoft O365 ‘Report Message’ button.
Commonly Asked Questions:
Does Abnormal's Abuse Mailbox integrate with existing SIEM/SOAR vendors?
Abuse Mailbox integrates with SIEM/SOAR tools such as Splunk, LogRhythm, QRadar, Demisto and others as well as existing ticketing systems such as ServiceNow.
Want to learn more?
Schedule a personalized product demo to see:
- Threat analytics, insights and reporting
- Automated Triage, Investigation and response tools
- Platform integrations into SIEM, SOAR
- …and more
Want to learn more?
Schedule a personalized product demo to see:
- Threat analytics, insights and reporting
- Automated Triage, Investigation and response tools
- Platform integrations into SIEM, SOAR
- …and more
Abnormal is the email security company that stands for trust.
© 2020 Abnormal Security Corporation.
All rights reserved.