Abnormal Security v2.4.8
Abnormal Security detects and protects against the whole spectrum of email attacks
- Author:
- Abnormal Security
- Support:
- partner
- Default data source:
- Abnormal Security Event Collector
Classifiers (1)
Incident fields (58)
- Abnormal Security Abuse Campaign Attack Type
- Abnormal Security Abuse Campaign First Reported
- Abnormal Security Abuse Campaign From Address
- Abnormal Security Abuse Campaign From Name
- Abnormal Security Abuse Campaign ID
- Abnormal Security Abuse Campaign Judgement Status
- Abnormal Security Abuse Campaign Last Reported
- Abnormal Security Abuse Campaign Message ID
- Abnormal Security Abuse Campaign Overall Status
- Abnormal Security Abuse Campaign Recipient Address
- Abnormal Security Abuse Campaign Recipient Name
- Abnormal Security Abuse Campaign Subject
- Abnormal Security Affected Employee
- Abnormal Security Analysis
- Abnormal Security Attachment Count
- Abnormal Security Attachment Names
- Abnormal Security Attack Strategy
- Abnormal Security Attack Type
- Abnormal Security Attack Vector
- Abnormal Security Attacked Party
- Abnormal Security Auto Remediated
- Abnormal Security CC Emails
- Abnormal Security Campaign ID
- Abnormal Security Case GenAI Summary
- Abnormal Security Case ID
- Abnormal Security Case Status
- Abnormal Security Customer Visible Time
- Abnormal Security First Observed Time
- Abnormal Security First Reported
- Abnormal Security From Address
- Abnormal Security From Name
- Abnormal Security Impersonated Party
- Abnormal Security Internet Message ID
- Abnormal Security Is Read
- Abnormal Security Judgement Status
- Abnormal Security Last Reported
- Abnormal Security Message ID
- Abnormal Security Overall Status
- Abnormal Security Portal URL
- Abnormal Security Post Remediated
- Abnormal Security Received Time
- Abnormal Security Recipient Address
- Abnormal Security Recipient Name
- Abnormal Security Remediation Status
- Abnormal Security Remediation Timestamp
- Abnormal Security Reply To Emails
- Abnormal Security Return Path
- Abnormal Security Sender Domain
- Abnormal Security Sender IP Address
- Abnormal Security Sent Time
- Abnormal Security Severity
- Abnormal Security Severity Level
- Abnormal Security Subject
- Abnormal Security Summary Insights
- Abnormal Security Threat ID
- Abnormal Security Threat IDs
- Abnormal Security To Addresses
- Abnormal Security Url Count
Incident types (1)
Integrations (2)
Modeling rules (2)
README
Overview
Abnormal Security provides comprehensive defense against the entire landscape of messaging threats, ranging from high-sophistication Vendor Email Compromise (VEC) and targeted spear-phishing to lower-priority graymail and unsolicited spam.
To mitigate these advanced risks, the platform utilizes Behavioral Data Science to establish an identity-based baseline of legitimate communication patterns. By analyzing these established norms, Abnormal can identify and neutralize anomalous deviations and novel attack vectors that bypass traditional, signature-based security infrastructures.
The integration of Abnormal Security with Cortex XSIAM empowers security teams to respond to email threats with speed and dramatically reduces mean time to respond (MTTR). Threat data is ingested via the Abnormal Security REST API, enabling continuous visibility into detected threats, remediation status, and attack metadata directly within XSIAM.
This pack includes
- Modeling rules for Cortex XSIAM Abnormal Security email threat logs.
- Abnormal Security REST API into Cortex XSIAM.
- Retrieving email threat campaign data using Cortex XSOAR / XSIAM.
- Retrieving email anomaly cases using Cortex XSOAR / XSIAM.
<~XSIAM>
Supported log categories
| Category | Category Display Name |
|---|---|
| Email Threats | Abnormal Security Email Threat Detections |
Data Collection
Abnormal Security side
Step 1: Generate an Authentication Token
- Log in to the Abnormal Security Portal.
- Navigate to Settings → Integrations and click on Abnormal REST API.
- Click Generate Token to create your authentication token.
- Copy and securely store the token — it grants access to sensitive threat data related to your organization.
Security Note: Keep the token safe. Store it in a secure location such as an encrypted password vault. Do not share it unless absolutely necessary. If you believe the token has been compromised, contact your Abnormal Security Account Manager immediately.
For more information, refer to the Abnormal Security REST API documentation.
Cortex XSIAM side
To configure Cortex XSIAM to collect data from the Abnormal Security REST API:
- Navigate to Settings → Automation & Feed Integration.
- Search for Abnormal Security and select Add instance.
-
Set the following parameters:
Parameter Value NameAbnormal Security Email Protection TokenEnter the authentication token generated in Step 1 above ( {your_api_token}) - Click Test to Verify the connection.
- Click Save & Exit to save the configuration.
For more information on configuring data sources in Cortex XSIAM, see the Cortex XSIAM Data Sources documentation.
</~XSIAM>