D 01 UI Screen soc hero

SOC Automation

Supercharge your SOC workflows and save time with AI-assisted investigation, auto-remediation, follow-up, and reporting.

Automates Security Processes to Help You Take Action Faster

Improve Response Times

Automated triage helps you address user-reported incidents with greater accuracy and speed.

Keep Users and Data Secure

Remove misdirected messages, and improve detection efficacy to protect users and their data.

Streamline and Automate

No administration, configuration, or policies are needed; integrate into your SOC processes.

Automate Triage and Remediation of User-Reported Phishing Attacks

Centralizes user-reported phishing attacks and automatically investigates, remediates, and notifies reporters on results.
PRODUCT SOC 0930 01 2x

See All User-Reported Attacks in One Place

Abuse Mailbox organizes all user-reported emails, including their original messages and headers, across all Microsoft 365 and Google Workspace tenants into a single view.

Quickly view quantitative highlights of submissions broken down by malicious, safe, and spam messages, as well as remediated campaigns and messages.

PRODUCT SOC 0930 02 2x

Automatically Triages User-Reported Email Attacks

Abuse Mailbox automatically investigates submissions, and if found malicious, gathers other emails within the phishing campaign, removes them, and reports back to the submitter.

These missed attacks help improve detection, ensuring that similar attacks are blocked in the future.

With typically 90% of submissions known to be safe emails, this automation saves security teams many hours each week.

D 04 UI Screen one click 2x

Intelligent and Thorough Remediation

Since Abnormal natively integrates with your cloud email service, it scans every email as it is sent, replied to, or forwarded within your email environment.

When an email is found malicious, Abuse Mailbox intelligently gathers all similar and related messages, their headers, and engagements. It then remediates the entire campaign, and follows up with end users appropriately.

Powerful Search Built For Rapid Response

Find and remediate emails across some or all of your tenants.
D 05 UI Screen Sn R 2x

Rapidly Contain Misdirected Email

Removing emails and their engagements is necessary when sensitive data is misdirected, or if an attack is missed.

Search for specific emails by sender, recipient, or subject, filter within certain time frames, and remediate them in bulk.

Every search activity is recorded for any audit requirements.

Report Missed Attacks on Detection 360° and Abnormal Resolves Them Quickly

Your submissions help Abnormal improve its detection efficacy. We keep you informed on progress at every step.
PRODUCT SOC 0930 05 2x

Track How Abnormal Gets Better Every Day

When you submit missed attacks or false positives, a dedicated team of experts investigates them to fix the incident, improve detection efficacy, and provide you with a summary of steps taken.

Track all of these engagements and their progress from within the Detection 360° tab in the product.

Fully Automate Your SOC Workflows

Integrate with SIEM, SOAR, ITSM, and IAM solutions to enrich security insights and orchestrate workflows.


Augment your SIEM with metadata and risk scores for better attack correlation.


Trigger playbooks when users engage with bad email or compromised accounts.


Create tickets for compromised accounts or when users engage with bad emails.

Secure Email Gateways

Trigger automated post-delivery protection when gateways send alerts on missed attacks.

Phishing Training

Allow emails for training to pass inspections, and present reports on user engagement.

Identity Access Management

Log in to Abnormal via SSO, and to provide data to better detect account takeover attempts.


Our bi-directional architecture helps you set up your own custom integrations quickly and simply.

Trusted by Global Enterprises


See an Abnormal Product Demo

Related Resources

Data sheet 4
Supercharge your SOC workflows and save time with AI-assisted investigation, auto-remediation, follow-up, and reporting. Abnormal provides a frictionless method for user-reported phishing attacks to be submitted, triaged, and reviewed.
Read More
Whitepaper cover 1
Business email compromise (BEC) is the most significant cybersecurity threat to enterprise organizations, with $1.8 billion lost in 2020 alone. This type of email attack occurs when a cybercriminal uses social engineering to impersonate a trusted contact—typically an executive, coworker, vendor, or partner.
Read More
Webinar cover 1
Traditional cybersecurity infrastructure can’t stop new and emerging threats, particularly in the email channel, and cybercriminals are constantly changing their methods to stay one step ahead. Hear how Theresa Payton, first female White House CIO, thinks about these attacks.
Read More
Threat report 2
Attackers are leveraging social engineering to drive significantly higher engagement and account takeover. In the Q2 2021 threat report, Abnormal found that attacks are growing at significant rates, as threat actors leverage social engineering strategies to bypass SEGs and drive engagement.
Read More
Microsoft whitepaper cover
In today’s cloud-first approach to managing corporate infrastructure and running applications, more than 56% of organizations globally now use Microsoft 365. See how Abnormal can help you augment your infrastructure to block the most dangerous attacks.
Read More