abnormal security abuse mailbox dashboard

SOC Automation

Supercharge your SOC workflows and save time with AI-assisted investigation, auto-remediation, follow-up, and reporting.


Automates Security Processes to Help You Take Action Faster


Improve Response Times

Automated triage helps you address user-reported incidents with greater accuracy and speed.

Keep Users and Data Secure

Remove misdirected messages, and improve detection efficacy to protect users and their data.

Streamline and Automate

No administration, configuration, or policies are needed; integrate into your SOC processes.


Automate Triage and Remediation of User-Reported Phishing Attacks

Centralizes user-reported phishing attacks and automatically investigates, remediates, and notifies reporters on results.
abuse mailbox dashboard organizing all user-reporter emails

See All User-Reported Attacks in One Place

Abuse Mailbox organizes all user-reported emails, including their original messages and headers, across all Microsoft 365 and Google Workspace tenants into a single view.

Quickly view quantitative highlights of submissions broken down by malicious, safe, and spam messages, as well as remediated campaigns and messages.

automatic triage of user-reporter email attack

Automatically Triages User-Reported Email Attacks

Abuse Mailbox automatically investigates submissions, and if found malicious, gathers other emails within the phishing campaign, removes them, and reports back to the submitter.

These missed attacks help improve detection, ensuring that similar attacks are blocked in the future.

With typically 90% of submissions known to be safe emails, this automation saves security teams many hours each week.

abuse mailbox malicious email response options

Intelligent and Thorough Remediation

Since Abnormal natively integrates with your cloud email service, it scans every email as it is sent, replied to, or forwarded within your email environment.

When an email is found malicious, Abuse Mailbox intelligently gathers all similar and related messages, their headers, and engagements. It then remediates the entire campaign, and follows up with end users appropriately.


Powerful Search Built For Rapid Response

Find and remediate emails across some or all of your tenants.
abnormal security search and respond remediating misdirected emails

Rapidly Contain Misdirected Email

Removing emails and their engagements is necessary when sensitive data is misdirected, or if an attack is missed.

Search for specific emails by sender, recipient, or subject, filter within certain time frames, and remediate them in bulk.

Every search activity is recorded for any audit requirements.


Report Missed Attacks on Detection 360° and Abnormal Resolves Them Quickly

Your submissions help Abnormal improve its detection efficacy. We keep you informed on progress at every step.
customer reports of missed attacks or false positives

Track How Abnormal Gets Better Every Day

When you submit missed attacks or false positives, a dedicated team of experts investigates them to fix the incident, improve detection efficacy, and provide you with a summary of steps taken.

Track all of these engagements and their progress from within the Detection 360° tab in the product.


Fully Automate Your SOC Workflows

Integrate with SIEM, SOAR, ITSM, and IAM solutions to enrich security insights and orchestrate workflows.


Augment your SIEM with metadata and risk scores for better attack correlation.


Trigger playbooks when users engage with bad email or compromised accounts.


Create tickets for compromised accounts or when users engage with bad emails.

Secure Email Gateways

Trigger automated post-delivery protection when gateways send alerts on missed attacks.

Phishing Training

Allow emails for training to pass inspections, and present reports on user engagement.

Identity Access Management

Log in to Abnormal via SSO, and to provide data to better detect account takeover attempts.



Our bi-directional architecture helps you set up your own custom integrations quickly and simply.

Trusted by Global Enterprises


Prevent the Attacks That Matter Most


Related Resources

Webinar phish soc cover
Most people believe that the SOC is on the front lines, defending the castles against the forces of darkness. And while that’s true, it’s never quite as heroic as we’d like it to be.
Watch Now
Data sheet 4
Supercharge your SOC workflows and save time with AI-assisted investigation, auto-remediation, follow-up, and reporting. Abnormal provides a frictionless method for user-reported phishing attacks to be submitted, triaged, and reviewed.
Read More
Resource 02 CISO
Business email compromise (BEC) is the most significant cybersecurity threat to enterprise organizations, with $2.4 billion lost in 2021 alone. This type of email attack occurs when a cybercriminal uses social engineering to impersonate a trusted contact—typically an executive, coworker, vendor, or partner.
Download Now
Webinar cover 1
Traditional cybersecurity infrastructure can’t stop new and emerging threats, particularly in the email channel, and cybercriminals are constantly changing their methods to stay one step ahead. Hear how Theresa Payton, first female White House CIO, thinks about these attacks.
Watch Now
Threat report 2
Attackers are leveraging social engineering to drive significantly higher engagement and account takeover. In the Q2 2021 threat report, Abnormal found that attacks are growing at significant rates, as threat actors leverage social engineering strategies to bypass SEGs and drive engagement.
Download Now
Microsoft whitepaper cover
In today’s cloud-first approach to managing corporate infrastructure and running applications, more than 56% of organizations globally now use Microsoft 365. See how Abnormal can help you augment your infrastructure to block the most dangerous attacks.
Download Now