ThreatIntelBase surfaces and aggregates behaviorally derived cross-customer and cross-platform threat intelligence to improve threat hunting and incident response efforts, streamlining SOC processes.

This intelligence is designed to provide critical insights related to unexpected or known bad IP addresses. You can query ThreatIntelBase for an IP address to view an Abnormal threat report, which includes: IoC metadata, associated APTs, common attacks, behavioral patterns, and any malicious activity within a customer’s environment or Abnormal’s federated network.

Knowledge Bases share Abnormal’s understanding of a company’s people, tenants, vendors, and applications.

• Provide a key starting point to investigate suspicious activity across the cloud email platform. The addition of IP intelligence from ThreatIntelBase provides another critical piece of information for analysts when remediating email attacks or account takeovers.

• Represent the foundation of Abnormal’s Human Behavior AI Platform. Abnormal creates a deep understanding of each customer’s users, vendors, tenants, applications, and IP addresses, surfacing any deviation from the established behavior baselines in Knowledge Bases. Analysts can use this list of potentially high-risk information to understand their cloud email attack surface and better protect their organization.