When Abnormal processes messages, we perform a set of sender authentication checks based on the protocols SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance). The results of these checks are displayed on the Email Details Page. Customers can now access this information as a new field in the Email Threats event type, allowing for ingestion into their SIEM integrations to extract relevant information to create incident response workflows. All this will be possible without having to manually access the Portal.
Sender Authentication Results are Now Available in SIEM Events
SPF, DKIM, and DMARC results are now included in Email Threats events for SIEM ingestion and automated incident response workflows.