Contents x
    Abnormal Security
    • 28 Nov 2024
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Abnormal Security

    • Updated on 28 Nov 2024
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Abnormal Security is an email security provider that helps companies protect against targeted email attacks.

    Types of Assets Fetched

    This adapter fetches the following types of assets:

    • Users
    Note:

    This adapter only brings users that have been noted in threats in the past 7 days from the fetch.

    Parameters

    1. Host Name or IP Address (required) - The hostname or IP address of the Abnormal Security server.

    2. Email Domain (required) - Email domain for filtering emails inside threats. Example of a valid email domain: axonius.com. Also can be a comma-separated list of email domains, i.e., axonius.com,axonius.io.

    3. Token (required) - An API Token associated with a user account that has permissions to fetch assets. For information on how to generate the token, see Generating the authentication token.

    4. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

    5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

    6. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

    7. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

    To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

    Abnormal Security

    Advanced Settings

    Note:

    Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

    1. Enrich Employee with Employee identity - Toggle on to enrich the employee with information from the Employee Identity endpoint.
    2. Enrich Employee with Employee logins - Toggle on to enrich the employee with information from the Employee Login endpoint.
    3. Enrich Employee with Campaigns details - Toggle on to enrich the employee with information from the Campaign Details endpoint.
    4. Enrich Employee with Threats details - CSV - Toggle on to enrich the employee with information from the threats_export/csv endpoint. If this is enabled, then don't enable Enrich Employee with Threats - API.
    5. Enrich Employee with Threats - API - Toggle on to enrich the employee with threat info from the threats endpoint. This will automatically gather the threat details for the employee. If this is enabled, then don't enable Enrich Employee with Threats details - CSV.
    6. Fetch Users of sub type recipient from Recipient Employees - Toggle on to fetch users of the subtype recipient from the Recipient Employees endpoint.
    7. Fetch Incidents of sub type summary from Summaries - Toggle on to fetch incidents of the subtype summary from the Summaries endpoint.
    8. Fetch Incidents of sub type trend from Trends - Toggle on to fetch incidents of the subtype trend from the Trends endpoint.
    Note:

    To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

    APIs

    Axonius uses the Abnormal Security Client API.

    Supported From Version

    Supported from Axonius version 6.1


    Was this article helpful?
    What's Next