Product FAQ: Remediation Options - Abnormal Security

Product FAQ: Remediation Options

Email Remediation Options

By default, when in Active Mode, Abnormal will automatically detect malicious emails and move them to designated folders (junk folder, hidden folder, etc.).

When in Active Mode, customers have the option to restore auto-remediated emails that were moved to junk or hidden folders as Safe.

Remediation Status

For each email or email campaign, Abnormal provides a remediation status, aggregated based on a variety of factors:

  • Whether or not Abnormal first detected the email
  • Email judgment (safe, spam, malicious)
  • Customer mode (Passive view-only vs. Active mode)
  • End-user interaction

Remediation status reflects the current state of email campaigns and informs end-users if any additional action is required (to further remediate, mark false positive, etc.).

Status: Would Remediate
Mode: Passive Mode
Description: In Passive Mode, Abnormal does not remediate/move any malicious emails. All emails detected by Abnormal will have remediation status ‘Would Remediate’, meaning that Abnormal would remediate this email if the customer were in Active Mode.

Status: Auto-Remediate
Mode: Active Mode
Description: This is the default remediation status in Active Mode. Abnormal automatically detects malicious emails and moves them to designated folders (junk folder, hidden folder, etc.).

Status: Post-Remediate
Mode: Active Mode
Description: Abnormal scans emails that were reported to the customer’s phishing mailboxes (Abuse Mailbox). These are mostly emails that were reported by end-users (potential bad emails missed by Abnormal) and malicious emails that were rerouted via other channels. If the submitted message is deemed malicious, Abnormal will find any similar messages and bulk remediate all of them (move to deleted, permanently delete).

Status: Marked Safe
Mode: Active Mode
Description: Abnormal erroneously remediated an email (a false positive), and a portal user later moved it back manually.

Commonly Asked Questions:

If employees have never spoken before, or have rarely communicated with one another, can I remediate the emails?

The only emails that get remediated are those that Abnormal’s detection engine has deemed malicious based on numerous signals. Malicious emails are auto-remediated.

If one of the employees in this example reports the email via the integrated phishing report button to the Abuse Mailbox, Abnormal’s detection engine will pass judgement on whether the email is safe or malicious. From Abuse Mailbox, the customer can change Abnormal’s judgement and remediate accordingly.

Can Abnormal Security assist in resetting passwords for those internal compromised accounts (EAC / ATO)?

Abnormal Security does offer the ability to reset passwords on behalf of accounts affected by email account compromise / account takeover (EAC / ATO). This will require a “password administrator” account, and we will send over documentation.

Want to learn more?

Schedule a personalized product demo to see:

  • Threat analytics, insights and reporting
  • Automated Triage, Investigation and response tools
  • Platform integrations into SIEM, SOAR
  • …and more