Abuse Mailbox Automation
Abuse mailbox programs are a great way to drive security awareness, but they can become overwhelming for security teams to manage.
Completely automate your user-reported email workflow and free up analyst time with the Abuse Mailbox Automation add-on to Abnormal Inbound Email Security.

Reviewing Reported Emails is an Operational Burden
Time-Consuming Operations
Manually reviewing and triaging user-reported phishing emails can consume hours of skilled analyst time weekly.
High False Positives
Approximately 90% of user-reported phishing emails are deemed safe, clogging up the queue.
Source: Abnormal Internal Data
End Users Discouraged
End users become demotivated from reporting phishing when they don’t receive feedback.
PROBLEM:
Security Teams are Drowning in User-Reported Emails
Traditional approaches to managing user-reported phishing emails are highly manual, lack intelligence, and provide limited context about the campaign or additional recipients. As a result, IT help desks and security analysts waste time in a cumbersome and inefficient workflow, missing higher impact attacks.
THE SOLUTION:
Abnormal Inbound Email Security with Abuse Mailbox Automation
Abuse Mailbox Automation alleviates bottlenecks by using behavioral AI and automation to streamline your entire user-reported email workflow. It centralizes all user-reported messages and automatically analyzes, classifies, remediates, and responds to them, correlating them to campaigns. Additionally, Abnormal provides enhanced visibility into quantitative metrics, attack summaries, detailed email analyses, and more.
How Abnormal Saves Your Analysts Time
Automatically Triages and Remediates Emails
When users report an email, Abnormal automatically inspects and judges it as malicious, safe, or spam. If an email is found malicious, Abuse Mailbox intelligently locates and removes other unreported emails within the same phishing campaign.
The AI-powered detection and automated triage process addresses user-reported incidents more accurately, quickly, and thoroughly—saving your team hours each week and eliminating dwell time.

Responds to Users with Customizable Templates
Abnormal closes the communication loop by automatically sending a follow-up email to inform reporters of the submission outcome and remediation action.
Swifter, personalized response to end users allows the organization to improve the employee experience, encouraging phishing reporting behavior and growing a healthy cybersecurity culture.

Brings All User-Reported Emails into View
Abnormal organizes all user-reported emails in one place and provides enhanced visibility into each submission. Administrators can see full attack context for each campaign and email, as well additional details about top reporters and most attacked employees.
The enhanced visibility allows you to gain holistic attack and remediation insights, assess employees' security awareness more efficiently, and save time from locating unreported campaign-correlated emails.

Integrates with Existing Workflow and SIEM/SOAR Solutions
Abnormal integrates with existing end-user phishing reporting buttons, SIEM/SOAR solutions, and ticketing system workflows to enable centralized alerts for SOC analysts.
The most popular integrations include Palo Alto Networks Cortex XSOAR by Palo Alto Networks and Microsoft Azure Sentinel.

Legacy Approach to Managing User-Reported Messages
- Only remediates individual messages
- No campaign context
- Separate abuse mailboxes per email tenant
- Manual investigation and triage requires an average of 30 minutes per message
- Manual remediation and response
- Limited visibility and reporting
Abnormal’s Unique Approach to Abuse Mailbox Automation
- Remediates campaigns
- Full campaign context
- Identity, content, and behavior-based email evaluation
- Automated triage, remediation, and response saves time
- Integration with existing phishing reporting buttons, SIEM/SOAR solutions, and ticketing systems
Deployment Outcomes
Process Automated
95%
Reduction in time spent reviewing user-reported email.
SOC Time Saved
5,000
SOC analyst hours saved annually.
Analysts Unburdened
2
Full-time employees freed from handling user-reported email.
Trusted by Global Enterprises

Accelerate Security Operations with Abuse Mailbox Automation
Learn how you can free up time for strategic projects when you accelerate and automate the user-reported email flow.