Skip to main content
To learn more, visit the Abnormal documentation.

Parameters

ParameterDescription
Case IDThe ID representing the case. Can be retrieved from the ‘List Cases’ action.

Example Output

{    "insights": [        {            "signal": "Impossible Travel",            "description": "There were signins from distant locations within an impossible-to-travel time interval"        }    ],    "eventTimeline": [        {            "event_timestamp": "2020-05-19T17:47:30Z",            "category": "Risk Event",            "title": "Impossible Travel",            "field_labels": {},            "ip_address": "123.456.78.900",            "location": {                "city": "Aldie",                "state": "Virginia",                "country": "US"            },            "prev_location": {                "city": "Aldie",                "state": "Virginia",                "country": "US"            }        },        {            "event_timestamp": "2020-05-19T17:47:30Z",            "category": "Sign In Event",            "title": "Suspicious Failed Sign In Attempt",            "field_labels": {},            "description": "Suspicious Failed Sign In Attempt for foo@bar.com",            "ip_address": "123.456.78.900",            "isp": "NGCOM",            "browser": "Chrome",            "operating_system": "Windows 10",            "device_trust_type": "string",            "protocol": "Browser",            "application": "GSuite",            "location": {                "city": "Aldie",                "state": "Virginia",                "country": "US"            }        },        {            "event_timestamp": "2020-05-19T17:47:30Z",            "category": "Mail Rule",            "title": "Mail Rule Change",            "rule_name": "Delete all messages rule",            "condition": "hasNoCondition",            "flagging_detectors": "DELETE_ALL"        },        {            "event_timestamp": "2020-05-19T17:47:30Z",            "category": "Mail Sent",            "title": "Unusual Correspondence",            "subject": "Transaction Sent",            "sender": "john.doe@lamronba.com",            "recipient": "Jane Eyre"        },        {            "event_timestamp": "2020-05-19T17:47:30Z",            "category": "Failed MFA Attempt",            "title": "Failed MFA Attempt",            "field_labels": {},            "ip_address": "123.456.78.900",            "browser": "Chrome",            "operating_system": "Windows 10",            "protocol": "Browser",            "application": "GSuite",            "location": {                "city": "Aldie",                "state": "Virginia",                "country": "US"            }        },        {            "event_timestamp": "2020-05-19T17:47:30Z",            "category": "Authentication Events",            "title": "Different Authentication Factor Locations",            "field_labels": {},            "description": "Mismatch between session location and second factor authentication location",            "session_ip": "123.456.78.900 / Indianapolis, IN, US",            "second_factor_ip": "123.456.78.900 / Indianapolis, IN, US",            "used_second_factors": "MOBILE_APP_NOTIFICATION",            "familiarity_statistics": {},            "location": {                "city": "Aldie",                "state": "Virginia",                "country": "US"            }        }    ]}

Workflow Library Example

Get Case Analysis with Abnormal and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop