Get details of a threat.

External Documentation

To learn more, visit the Abnormal documentation.

Parameters

ParameterDescription
Threat IDThe ID representing the threat. Can be retrieved from the ‘List Threats’ action.

Example Output

{
	"threatId": "<string>",
	"messages": [
		{
			"abxMessageIdStr": "<string>",
			"abxMessageId": 320924522410057650,
			"abxPortalUrl": "<string>",
			"attachmentCount": 2,
			"attachmentNames": [],
			"attackStrategy": "<string>",
			"attackType": "<string>",
			"attackVector": "<string>",
			"attackedParty": "<string>",
			"autoRemediated": true,
			"impersonatedParty": "<string>",
			"internetMessageId": "<string>",
			"isRead": true,
			"postRemediated": false,
			"recipientAddress": "<string>",
			"remediationStatus": "<string>",
			"remediationTimestamp": "2025-04-04T21:30:41.974074Z",
			"sentTime": "2025-03-27T16:50:07Z",
			"ccEmails": [],
			"replyToEmails": [],
			"returnPath": "<string>",
			"senderDomain": "<string>",
			"senderIpAddress": "<string>",
			"summaryInsights": [
				"<string>",
				"<string>"
			],
			"urlCount": 0,
			"urls": [],
			"fromAddress": "<string>",
			"fromName": "<string>",
			"receivedTime": "2025-03-27T16:50:15Z",
			"subject": "<string>",
			"threatId": "<string>",
			"toAddresses": [
				"<string>"
			]
		}
	]
}

Workflow Library Example

Get Threat with Abnormal and Send Results Via Email

Preview this Workflow on desktop