Abnormal Security

  • Updated on May 18, 2025
  • Published on Apr 8, 2024
  • 2 minute(s) read
Prev Next

Abnormal Security is an email security provider that helps companies protect against targeted email attacks.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Users
  • Alerts/Incidents
Note:

This adapter only brings users that have been noted in threats in the past 7 days from the fetch.

Parameters

  1. Host Name or IP Address (required) - The hostname or IP address of the Abnormal Security server.

  2. Email Domain (required) - Email domain for filtering emails inside threats. Example of a valid email domain: axonius.com. Also can be a comma-separated list of email domains, i.e., axonius.com,axonius.io.

  3. Token (required) - An API Token associated with a user account that has permissions to fetch assets. For information on how to generate the token, see Generating the authentication token.

  4. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  6. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  7. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Abnormal Security

Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.

  1. Enrich Employee with Employee identity - Enable this option to enrich the employee with information from the Employee Identity endpoint.
  2. Enrich Employee with Employee logins - Enable this option to enrich the employee with information from the Employee Login endpoint.
  3. Enrich Employee with Campaigns details - Enable this option to enrich the employee with information from the Campaign Details endpoint.
  4. Enrich Employee with Threats details - CSV - Enable this option to enrich the employee with information from the threats_export/csv endpoint. If this is enabled, then don't enable Enrich Employee with Threats - API.
  5. Enrich Employee with Threats - API - Enable this option to enrich the employee with threat info from the threats endpoint. This will automatically gather the threat details for the employee. If this is enabled, then don't enable Enrich Employee with Threats details - CSV.
  6. Fetch Users of sub type recipient from Recipient Employees - Enable this option to fetch users of the subtype recipient from the Recipient Employees endpoint.
  7. Fetch Incidents of sub type summary from Summaries - Enable this option to fetch incidents of the subtype summary from the Summaries endpoint.
  8. Fetch Incidents of sub type trend from Trends - Enable this option to fetch incidents of the subtype trend from the Trends endpoint.
  9. Fetch Incidents of sub type threats from Incidents: Threats - Enable this option to fetch incidents of the subtype threats from the Incidents: Threats endpoint.
Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

APIs

Axonius uses the Abnormal Security Client API.

Supported From Version

Supported from Axonius version 6.1


Related articles