Release Notes

We're constantly working to make the Abnormal product a world-class experience. See what's changed this month.

October 2020


  • New Facet Model to Improve Attack Type Accuracy: We've released a new facet model to improve attack facet classification, improving Attack Type accuracy by 20%. Customers can benefit from more accurate Attack Type mapping for each attack caught by Abnormal and showcased in Portal.
  • Microsoft O365 Group Messages Detection and Alerting: We can now detect malicious emails that exist within a Microsoft Office 365 Group mailbox. Get an instant alert notification when a group mailbox message is found and proceed to remediate the message in your own tenant. Benefits include reduced time to detection and response, increased protection coverage, and reduced risk from attacks getting interacted within the O365 environment.


  • Faster Account Compromise Detection from Legacy App Sign-Ins: We've improved account compromise detection speed for takeovers triggered by legacy app sign-ins. Customers can benefit from faster compromise detection and case alerting, as well reduced mean time to respond speed for customers to start incident response workflow.
  • Russian Malware Protection: New improvements to strengthen detection around stopping Russian-based attackers using Emotet trojans to drop Ryuk ransomware and BazarLoader targeting U.S.-based industries. These attacks were seen bypassing traditional secure email gateways and are embedded within cloud-based Google Docs and Microsoft word files. Customers can benefit from lowered risk from malware/ransomware-based attacks.
  • General Detection Improvements: Abnormal has shipped several detection improvements listed below. Customers can benefit from improved detection precision for BEC, impersonation, and text-based attacks.
    • Message model improvements
    • Recon detection improvements
    • Spoof model recall improvements
    • Phishing model recall improvements based on reported FN