Introducing ThreatIntelBase

ThreatIntelBase adds cross-platform IP intelligence to Abnormal’s Knowledge Bases, giving analysts rich threat context to streamline investigations and strengthen response.
May 13, 2024
Major Release
Platform

ThreatIntelBase surfaces and aggregates behaviorally derived cross-customer and cross-platform threat intelligence to improve threat hunting and incident response efforts, streamlining SOC processes.

This intelligence is designed to provide critical insights related to unexpected or known bad IP addresses. You can query ThreatIntelBase for an IP address to view an Abnormal threat report, which includes IoC metadata, associated APTs, common attacks, behavioral patterns, and any malicious activity within a customer’s environment or Abnormal’s federated network.

Knowledge Bases share Abnormal’s understanding of a company’s people, tenants, vendors, and applications. They:

  • Provide a key starting point to investigate suspicious activity across the cloud email platform. The addition of IP intelligence from ThreatIntelBase provides another critical piece of information for analysts when remediating email attacks or account takeovers.
  • Represent the foundation of Abnormal’s Human Behavior AI Platform. Abnormal creates a deep understanding of each customer’s users, vendors, tenants, applications, and IP addresses, surfacing any deviation from the established behavior baselines in Knowledge Bases. Analysts can use this list of potentially high-risk information to understand their cloud email attack surface and better protect their organization.
