Release Notes

We're constantly working to make the Abnormal product a world-class experience. See what's changed this month.

March 2021



  • Improved Proof of Value (POV) Integration Experience: We've enhanced our Proof of Value (POV) integration experience by introducing an Integration Status page that lets potential customers track progress of our findings before displaying results. After the initial one-click API integration, Abnormal takes on average 5-7 days to create customer-specific detection models and locate retroactive email threats. In the Integration Status page, potential customers can follow the integration progression as Abnormal learns about their environment, benefiting from increased transparency and visibility in how Abnormal processes organizational data, accessing additional controls to get tenants up and running, and gaining educational content to help understand the Abnormal product during the POV period.
  • New Genome Identity Analysis: Abnormal has introduced a new feature, Genome Identity Analysis, which shows each individual employee’s activity history, including sign-in locations, browsers, devices used, and more. The information represents a subset of data signals Abnormal uses to identify unusual activity in account takeover detections, and gives customers improved visibility into employee behavior. We've also added a Relevant Login Patterns section to the Employee Detail page for added visibility.


  • Updated Abnormal Security Client API: Abnormal has updated the Abnormal Security Client API to allow customers to specify a start and end date and time. Existing API functionality remains unchanged and will not impact existing integrations. Customers benefit from added flexibility to integrate more easily with SOAR tools like the Palo Alto Networks XSOAR.
  • Improved Explainability of Account Takeovers: We've improved our explainability of detection signals for our account takeover protection. We're now surfacing more information related to sign-ins and highlighting signals that are rare or malicious. Additionally, we now surface more information about the frequency of sign-in attributes so customers can understand the normal behaviors and patterns of employees.
  • Spoof Model Improvements: Abnormal has made improvements to our understanding of the methods external attackers use to spoof messages. We are parsing more headers and stopping more attacks that use distribution lists as a way to forward and attack internally.
  • Phone Scam Enhancements: We've seen an increase in messages that use a scam phone number to escalate attacks. We have improved the models and features that our system uses to catch such attacks.