Release Notes

We're constantly working to make the Abnormal product a world-class experience. See what's changed this month.

December 2020


  • Privileged User Protection: Abnormal now supports privileged user protection for selected customers. Within the Threat Log tab, by selecting ‘Recipient Group’ filter dropdown, analysts can focus on attacks specifically sent to special recipient groups such as VIPs and privileged users as defined by the customer. Customers benefit from increased monitoring control and reduced alerting time.
  • Attack Highlights: We've introduced a new Attack Highlights feature that allows customers to see attacks that the system has flagged as interesting or important, directly from the Portal. These attacks refresh weekly and are intended to be a small, targeted subset of attacks seen in the Threat Log. This is especially useful for an executive audience. Additionally, customers can download the highlights as a PDF to share with others, rather than manually creating reports.
  • Proofpoint TAP Integration: For Proofpoint TAP customers, we have integrated into TAP to show reports that have been ingested and processed by Abnormal, giving analysts another look at how Abnormal would handle such events.


  • Improved Abuse Mailbox: We’ve updated Abuse Mailbox to include new reporting features and functionality. In the Dashboard, there is a new Abuse Mailbox tab where customers can see charts and graphs with configurable time periods for various metrics such as Phishing Emails Reported and Reporting Trends. These reports are also downloadable via PDF. New dashboard features include:
    • Phishing Emails Reported: Total number of phishing emails reported by employees and processed by Abuse Mailbox over the selected time period.
    • Abuse Mailbox Remediation: Total number of emails remediated by Abnormal over the selected time period.
    • Total Reporters: Total number of employees who reported messages to Abuse Mailbox
  • Inbound Attack Detection Improvements: We've made the following inbound attack detection improvements:
    • Weighted Ensemble Model: Focused our models to ensure we catch more advanced phishing and BEC attacks as compared to spam.
    • Credential Phishing Attacks via Attachments: We now use signals within attachments to detect credential phishing attacks.
    • Link-Parsing: Improved parsing of obfuscated links used by attackers.
  • Customer Report Portal Improvements: Abnormal now sends automated email notifications when resolving a potential missed attack reported by the customer. The Customer Report Portal now supports false positive analysis in addition to missed attack analysis. Every message manually moved back to the user’s inbox will receive an in-depth analysis. This analysis will lead to detection improvements to prevent similar future misjudgments. Customers benefit from increased visibility for false positive and missed attacks, as well as increased automation for receiving Abnormal alerts.
  • VendorBase Improvements: VendorBase improvements include increased vendor visibility and improved investigation experience to locate vendor impersonation attempts and potential vendor takeover incidents.
  • Tenant Search Dropdown Fix: Users in Portal are now able to search their tenants within the tenant selector.
  • Email Account Compromise Mail Rule Display Fix: The Email Account Compromise mail rule filter now displays a non-truncated version of mail rule within the Abnormal Cases page.