Abnormal now provides expanded attachment metadata visibility across all attack, spam, and borderline messages that contain attachments. This update improves investigation completeness by ensuring consistent attachment details in the Portal, REST API, and SIEM exports.
Expanded Attachment Visibility
Attachment metadata now available in Message Details View
REST API support for /messages/{message_id}/attachment/{attachment_name}
New attachment_analysis field in SIEM “Email Threats” events
Richer Investigation Context
Includes file hashes (MD5, SHA256, SHA1), type, and size
Supports improved artifact correlation across security workflows
No Configuration Changes Required
Existing workflows remain unchanged
No action required by admins
This update strengthens investigation depth and consistency without introducing operational disruption.