Abnormal Security
Abnormal Security detects the whole spectrum of email attacks, from vendor email compromise and spear-phishing to unwanted email spam and graymail. To stop these advanced attacks, Abnormal leverages the industry’s most advanced behavioral data science to baseline known good behavior and detects anomalies.
Data Enrichment & Threat Intelligence · Abnormal Security
Configuration parameters
url— Server URL (e.g. https://api.abnormalplatform.com/v1) (required)api_key— API Key (required)insecure— Trust any certificate (not secure)proxy— Use system proxy settingsisFetch— Fetch incidentsmax_fetch— Maximum incidents to fetch.fetch_threats— Fetch Threatsfetch_abuse_campaigns— Fetch Abuse Campaignsfetch_account_takeover_cases— Fetch Account Takeover Casesfirst_fetch— First fetch timeincidentType— Incident typeincidentFetchInterval— Incidents Fetch Intervalpolling_lag— Polling Lag Time (in minutes)max_page_number— Maximum incidents pages to fetch
Commands (31)
-
abnormal-security-check-case-action-statusCheck the status of an action requested on a case.
-
abnormal-security-check-threat-action-statusCheck the status of an action requested on a threat.
-
abnormal-security-download-message-attachmentDownload an attachment from a message found in search results. All required parameters can be obtained from the abnormal-security-search-messages command output.
-
abnormal-security-download-message-emlDownload a message in RFC822 EML format for forensic analysis. For quarantine messages, both quarantine_identity and recipient_mailbox parameters are required.
-
abnormal-security-download-threat-log-csvDownload data from Threat Log in .csv format.
-
abnormal-security-get-abnormal-caseGet details of an Abnormal case.
-
abnormal-security-get-abuse-mailbox-campaignGet details of an Abuse Mailbox campaign.
-
abnormal-security-get-activity-statusGet the status and details of a specific activity log entry.
-
abnormal-security-get-case-analysis-and-timelineProvides the analysis and timeline details of a case.
-
abnormal-security-get-employee-identity-analysisGet employee identity analysis (Genome) data.
-
abnormal-security-get-employee-informationGet employee information.
-
abnormal-security-get-employee-last-30-days-login-csvGet employee login information for last 30 days in csv format.
-
abnormal-security-get-latest-threat-intel-feedDeprecatedGet the latest threat intel feed.
-
abnormal-security-get-threatGet details of a threat.
-
abnormal-security-get-vendor-activityGet the activity for a specific vendor.
-
abnormal-security-get-vendor-case-detailsGet the details of a vendor case.
-
abnormal-security-get-vendor-detailsGet the details of a specific vendor.
-
abnormal-security-list-abnormal-casesGet a list of Abnormal cases identified by Abnormal Security.
-
abnormal-security-list-abuse-mailbox-campaignsGet a list of campaigns submitted to Abuse Mailbox.
-
abnormal-security-list-activitiesGet a list of activity logs for message search and remediation operations.
-
abnormal-security-list-threatsGet a list of threats.
-
abnormal-security-list-unanalyzed-abuse-mailbox-campaignsGet a list of unanalyzed abuse mailbox campaigns.
-
abnormal-security-list-vendor-casesGet a list of vendor cases.
-
abnormal-security-list-vendorsGet a list of vendors.
-
abnormal-security-manage-abnormal-caseManage an Abnormal Case.
-
abnormal-security-manage-threatManage a Threat identified by Abnormal Security.
-
abnormal-security-remediate-messagesRemediate messages by performing actions like delete, move, or submit to Detection360.
-
abnormal-security-search-messagesSearch for messages using filters across abnormal or quarantine sources.
-
abnormal-security-submit-false-negative-reportSubmit a False Negative Report.
-
abnormal-security-submit-false-positive-reportSubmit a False Positive Report.
-
abnormal-security-submit-inquiry-to-request-a-report-on-misjudgementSubmit an Inquiry to request a report on misjudgement by Abnormal Security.