Product FAQ Abuse Mailbox - Abnormal Security

Product FAQ: Abuse Mailbox

Abuse Mailbox

Abnormal’s Abuse Mailbox automatically monitors and manages a customer’s user-reported phishing mailbox. Without Abuse Mailbox, a security analyst would triage, investigate, and remediate all user-reported emails. This process can be extremely manual and time-consuming. Abnormal automates this process by:

  1. Pulling all user reported emails in one place
  2. Automatically providing email judgement via Abnormal’s signal detection capabilities
  3. Collecting the entire email attack campaign, and
  4. Automatically remediating email campaigns that are deemed malicious

Abuse Mailbox Log

From the Abuse Mailbox Log, analysts can view the quantitative highlights:

  • Total Submissions
  • Submission Breakdown (Malicious, Safe, Spam)
  • Abuse Reports Remediated (Campaigns, Messages)
  • If the customer has Proofpoint TAP, Abnormal offers an integration to display the number of TAP alerts received and processed by Abnormal

As well as high-level report details including:

  • Subject
  • Last Reporter
  • From
  • Recipient(s)
  • Received
  • Last Reported Date
  • Abnormal Judgement (Malicious, Safe)
  • Overall Status (Auto-Remediated, No Action Needed)

Phishing Report Details

Within the report, analysts can view:

  • Email Summary
  • Email Body
  • Email Headers

Additionally, Abnormal will group together all similar emails found by Abnormal across your email tenant.

Remediation Options

All malicious emails are auto-remediated to save analysts time and are either moved to a deleted folder or permanently deleted. Analysts have the option to change the judgements assessed by Abnormal’s signal detection and mark them safe (or, vice versa, mark them malicious if deemed safe by Abnormal).

Dashboards and Reporting

Phishing Emails Reported

Abuse Mailbox has numerous dashboards and reporting options to improve visibility into key metrics and activity across the organization. Analysts can get a roll-up of reported phishing emails with a breakdown by judgement – Malicious, Safe and Spam. Additionally, Abnormal provides downloadable PDF and CSV reports with custom date ranges, especially useful for an executive audience.

Abuse Mailbox Remediation Metrics

View remediation trends by attack type, as well as the total number of emails, campaigns and Proofpoint TAP-reported emails remediated by Abnormal over the selected time period.

Total Reporters

We’ve made it easier to see the top employees in your organization who reported messages to Abuse Mailbox over the selected time period. Analysts can view the types of messages they’re reporting as well as toggle between ‘All Reports’ and ‘Malicious Reports Only’.

Integrated Phishing Reporting Buttons

For organizations that have an existing end-user phishing report workflow, Abuse Mailbox integrates with Cofense/PhishMe and KnowBe4 buttons, as well as the native Microsoft O365 ‘Report Message’ button.

Commonly Asked Questions:

Does Abnormal's Abuse Mailbox integrate with existing SIEM/SOAR vendors?

Abuse Mailbox integrates with SIEM/SOAR tools such as Splunk, LogRhythm, QRadar, Demisto and others as well as existing ticketing systems such as ServiceNow.

Want to learn more?

Schedule a personalized product demo to see:

  • Threat analytics, insights and reporting
  • Automated triage, investigation and response tools
  • Platform integrations into SIEM, SOAR
  • …and more