Details
Content
Dependencies
Version History

Abnormal Security detects and protects against the whole spectrum of email attacks

Abnormal Security

Abnormal Security detects the whole spectrum of email attacks, from vendor email compromise and spear-phishing to unwanted email spam and graymail. To stop these advanced attacks, Abnormal leverages the industry’s most advanced behavioral data science to baseline known good behavior and detects anomalies. The integration of Abnormal Security's SOAR API with Cortex XSOAR empowers security teams to respond to incidents with speed and helps to dramatically reduce mean time to respond.

What does this pack do?

The integration pack allows:
• Retrieving email threat campaign data using Cortex XSOAR
• Retrieving email anomaly cases using Cortex XSOAR

For more information on Abnormal Security, please visit www.abnormalsecurity.com

Abnormal Security

Abnormal Security detects the whole spectrum of email attacks, from vendor email compromise and spear-phishing to unwanted email spam and graymail. To stop these advanced attacks, Abnormal leverages the industry’s most advanced behavioral data science to baseline known good behavior and detects anomalies. The integration of Abnormal Security's SOAR API with Cortex XSIAM empowers security teams to respond to incidents with speed and helps to dramatically reduce mean time to respond.

What does this pack do?

The integration pack allows:
• Retrieving email threat campaign data using Cortex XSIAM
• Retrieving email anomaly cases using Cortex XSIAM

For more information on Abnormal Security, please visit www.abnormalsecurity.com

Classifiers

Name	Description
Abnormal Security - Incoming Mapper

Incident Fields

Name	Description
Abnormal Security Abuse Campaign Last Reported
Abnormal Security Threat ID
Abnormal Security Abuse Campaign Overall Status
Abnormal Security From Name
Abnormal Security Abuse Campaign Recipient Name
Abnormal Security Portal URL
Abnormal Security Campaign ID
Abnormal Security Abuse Campaign Subject
Abnormal Security Case ID
Abnormal Security Overall Status
Abnormal Security Abuse Campaign Message ID
Abnormal Security Auto Remediated
Abnormal Security Severity Level
Abnormal Security Threat IDs
Abnormal Security Affected Employee
Abnormal Security Received Time
Abnormal Security Is Read
Abnormal Security Sender Domain
Abnormal Security Internet Message ID
Abnormal Security First Reported
Abnormal Security Abuse Campaign From Address
Abnormal Security Attack Strategy
Abnormal Security Post Remediated
Abnormal Security Impersonated Party
Abnormal Security Case Status
Abnormal Security Subject
Abnormal Security Judgement Status
Abnormal Security Customer Visible Time
Abnormal Security Last Reported
Abnormal Security Abuse Campaign From Name
Abnormal Security Url Count
Abnormal Security Abuse Campaign ID
Abnormal Security From Address
Abnormal Security Sent Time
Abnormal Security Remediation Status
Abnormal Security CC Emails
Abnormal Security Remediation Timestamp
Abnormal Security Recipient Name
Abnormal Security Summary Insights
Abnormal Security Attack Type
Abnormal Security Reply To Emails
Abnormal Security Abuse Campaign Judgement Status
Abnormal Security Abuse Campaign Recipient Address
Abnormal Security Attack Vector
Abnormal Security Recipient Address
Abnormal Security Abuse Campaign Attack Type
Abnormal Security First Observed Time
Abnormal Security Message ID
Abnormal Security Severity
Abnormal Security Sender IP Address
Abnormal Security Abuse Campaign First Reported
Abnormal Security Attachment Names
Abnormal Security To Addresses
Abnormal Security Attachment Count
Abnormal Security Attacked Party
Abnormal Security Return Path
Abnormal Security Analysis

Incident Types

Name	Description
AbnormalSecurity

Integrations

Name	Description
Abnormal Security (Partner Contribution)	Abnormal Security detects the whole spectrum of email attacks, from vendor email compromise and spear-phishing to unwanted email spam and graymail. To stop these advanced attacks, Abnormal leverages the industry’s most advanced behavioral data science to baseline known good behavior and detects anomalies.

Classifiers

Name	Description
Abnormal Security - Incoming Mapper

Incident Fields

Name	Description
Abnormal Security Impersonated Party
Abnormal Security Attack Type
Abnormal Security Overall Status
Abnormal Security Abuse Campaign First Reported
Abnormal Security Attack Strategy
Abnormal Security Last Reported
Abnormal Security Recipient Address
Abnormal Security Reply To Emails
Abnormal Security Recipient Name
Abnormal Security From Name
Abnormal Security Case Status
Abnormal Security CC Emails
Abnormal Security Attacked Party
Abnormal Security Severity
Abnormal Security Received Time
Abnormal Security Analysis
Abnormal Security Sent Time
Abnormal Security Abuse Campaign Recipient Address
Abnormal Security Abuse Campaign From Address
Abnormal Security From Address
Abnormal Security Is Read
Abnormal Security Attack Vector
Abnormal Security Abuse Campaign From Name
Abnormal Security Auto Remediated
Abnormal Security Sender IP Address
Abnormal Security Abuse Campaign ID
Abnormal Security Customer Visible Time
Abnormal Security Threat ID
Abnormal Security To Addresses
Abnormal Security Remediation Status
Abnormal Security Abuse Campaign Attack Type
Abnormal Security Threat IDs
Abnormal Security Abuse Campaign Recipient Name
Abnormal Security Attachment Names
Abnormal Security Severity Level
Abnormal Security Message ID
Abnormal Security Sender Domain
Abnormal Security Abuse Campaign Overall Status
Abnormal Security Portal URL
Abnormal Security Internet Message ID
Abnormal Security Return Path
Abnormal Security Abuse Campaign Message ID
Abnormal Security Url Count
Abnormal Security Subject
Abnormal Security First Reported
Abnormal Security Remediation Timestamp
Abnormal Security Affected Employee
Abnormal Security Post Remediated
Abnormal Security Abuse Campaign Judgement Status
Abnormal Security Summary Insights
Abnormal Security Abuse Campaign Subject
Abnormal Security Judgement Status
Abnormal Security First Observed Time
Abnormal Security Campaign ID
Abnormal Security Case ID
Abnormal Security Abuse Campaign Last Reported
Abnormal Security Attachment Count

Incident Types

Name	Description
AbnormalSecurity

Integrations

Name	Description
Abnormal Security Event Collector	Abnormal Security Event Collector integration for XSIAM.
Abnormal Security (Partner Contribution)	Abnormal Security detects the whole spectrum of email attacks, from vendor email compromise and spear-phishing to unwanted email spam and graymail. To stop these advanced attacks, Abnormal leverages the industry’s most advanced behavioral data science to baseline known good behavior and detects anomalies.

Modeling Rules

Name	Description
Abnormal Security Event Collector

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

2.2.10 - 1054698 (May 29, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 34511

Download

2.2.9 - R1051712 (May 28, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 34374

Download

2.2.8 - 1019707 (May 16, 2024)

Integrations

Abnormal Security

Fixed an issue in the abnormal-security-submit_false_positive_report command where the portal_link argument did not work as expected.
Fixed an issue in the abnormal-security-submit_false_negative_report command where the recipient_email argument did not work as expected.

Related pull requests:
- 34297
- 34366

Download

2.2.7 - 913451 (March 25, 2024)

Integrations

Abnormal Security

Added an additional search filters arguments (such as sender, recipient, subject, etc.) for the abnormal-security-list-abuse-mailbox-campaigns and abnormal-security-list-threats commands.
Updated the Docker image to: demisto/python3:3.10.14.90585.

Related pull requests:
- 33462
- 32959

Download

2.2.6 - 865088 (March 3, 2024)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.88772.

Related pull requests:
- 33184

Download

2.2.5 - 823153 (February 12, 2024)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32837

Download

2.2.4 - 798475 (February 1, 2024)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32533

Download

2.2.3 - 757686 (January 11, 2024)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32061

Download

2.2.2 - 7190203 (December 17, 2023)

Integrations

Abnormal Security

Modified the occurred time source for incidents.

Related pull requests:
- 31522
- 31404

Download

2.2.1 - 7161298 (December 14, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31470

Download

2.2.0 - 7054275 (December 3, 2023)

Incident Fields

New: Abnormal Security Abuse Campaign From Address
New: Abnormal Security Post Remediated
New: Abnormal Security Analysis
New: Abnormal Security First Reported
New: Abnormal Security Severity
New: Abnormal Security Recipient Name
New: Abnormal Security Abuse Campaign ID
New: Abnormal Security Recipient Address
New: Abnormal Security Portal URL
New: Abnormal Security Attacked Party
New: Abnormal Security First Observed Time
New: Abnormal Security Subject
New: Abnormal Security Internet Message ID
New: Abnormal Security Severity Level
New: Abnormal Security Attachment Count
New: Abnormal Security Abuse Campaign From Name
New: Abnormal Security Judgement Status
New: Abnormal Security Abuse Campaign Subject
New: Abnormal Security Abuse Campaign Overall Status
New: Abnormal Security Message ID
New: Abnormal Security Reply To Emails
New: Abnormal Security Attack Strategy
New: Abnormal Security Is Read
New: Abnormal Security Abuse Campaign Judgement Status
New: Abnormal Security Threat ID
New: Abnormal Security Attachment Names
New: Abnormal Security Received Time
New: Abnormal Security Impersonated Party
New: Abnormal Security Sender Domain
New: Abnormal Security Remediation Timestamp
New: Abnormal Security Case Status
New: Abnormal Security From Name
New: Abnormal Security Affected Employee
New: Abnormal Security Abuse Campaign First Reported
New: Abnormal Security Abuse Campaign Message ID
New: Abnormal Security Case ID
New: Abnormal Security Url Count
New: Abnormal Security Remediation Status
New: Abnormal Security Return Path
New: Abnormal Security To Addresses
New: Abnormal Security Campaign ID
New: Abnormal Security Abuse Campaign Recipient Name
New: Abnormal Security Attack Vector
New: Abnormal Security From Address
New: Abnormal Security Sent Time
New: Abnormal Security Summary Insights
New: Abnormal Security Attack Type
New: Abnormal Security Threat IDs
New: Abnormal Security Abuse Campaign Last Reported
New: Abnormal Security Last Reported
New: Abnormal Security Customer Visible Time
New: Abnormal Security Auto Remediated
New: Abnormal Security Sender IP Address
New: Abnormal Security CC Emails
New: Abnormal Security Abuse Campaign Recipient Address
New: Abnormal Security Overall Status
New: Abnormal Security Abuse Campaign Attack Type

Incident Types

New: AbnormalSecurity

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.81631.

Mappers

New: Abnormal Security - Incoming Mapper

New: Abnormal Security Mapper (Available from Cortex XSOAR 6.9.0).

Related pull requests:
- 30393
- 31233

Download

2.1.3 - 7029664 (November 30, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.80593.

Related pull requests:
- 31198

Download

2.1.2 - R6834680 (November 8, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.80014.

Related pull requests:
- 30715

Download

2.1.1 - 6679159 (October 23, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 30084

Download

2.1.0 - 6527890 (October 6, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.75921.
Added the following commands:
- abnormal-security-list-vendors
- abnormal-security-get-vendor-details
- abnormal-security-get-vendor-activity
- abnormal-security-list-vendor-cases
- abnormal-security-get-vendor-case-details
- abnormal-security-list-unanalyzed-abuse-mailbox-campaigns
Expanded fields for the abnormal-security-get-threat command response.
Added fetch_incidents functionality which gathers information related to threats, abuse campaigns, and account takeovers.

Related pull requests:
- 29994
- 30078

Download

2.0.27 - 6437102 (September 27, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.74666.

Related pull requests:
- 29868

Download

2.0.26 - 6234071 (September 4, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29430

Download

2.0.25 - 6122748 (August 22, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 29133

Download

2.0.24 - 6076227 (August 17, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29026

Download

2.0.23 - 5940472 (August 2, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28699

Download

2.0.22 - R5866730 (July 25, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28328

Download

2.0.21 - R5801668 (July 18, 2023)

Integrations

Abnormal Security

All commands now use 300s (from 60s) HTTP request timeout to reflect server-side changes
Update documentation for abnormal-security-list-threats for deprecated lastModifiedTime filter parameter
Fix examples and documentation for filter values for datetimes for abnormal-security-list-abnormal-cases, abnormal-security-list-threats filter, and abnormal-security-list-abuse-mailbox-campaigns
Deprecate command abnormal-security-get-latest-threat-intel-feed

Related pull requests:
- 27811
- 27889

Download

2.0.20 - 5649943 (June 29, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 27802

Download

2.0.19 - 5588925 (June 22, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27628

Download

2.0.18 - 5470583 (June 7, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 27272

Download

2.0.17 - 5410099 (May 31, 2023)

Integrations

Abnormal Security

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27072

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	July 13, 2021
Last Release	May 29, 2024

Phishing

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.