Axonius Documentation
Start typing to search…

Abnormal Security

Abnormal Security is an email security provider that helps companies protect against targeted email attacks.

Asset Types Fetched

  • Users, Alerts/Incidents
📘

Note

This adapter only brings users that have been noted in threats in the past 7 days from the fetch.

Before You Begin

Ports

  • TCP port 80/443

Authentication Method

  • API Token

APIs

Axonius uses the Abnormal Security Client API.

Permissions

Consult with your vendor for permissions for reading the objects.

Supported From Version

Supported from Axonius version 6.1

Connecting the Adapter in Axonius

To connect the adapter in Axonius, provide the following parameters:

Required Parameters

  1. Host Name or IP Address - The hostname or IP address of the Abnormal Security server.

  2. Email Domain - Email domain for filtering emails inside threats. Example of a valid email domain: axonius.com. Also can be a comma-separated list of email domains, i.e., axonius.com,axonius.io.

  3. Token - An API Token associated with a user account that has permissions to fetch assets. For information on how to generate the token, see Generating the authentication token.

Abnormal Security

Optional Parameters

  1. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  2. HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.

  3. HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  4. HTTPS Proxy Password - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

📘

Note

Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.

  1. Enrich Employee with Employee identity - Enable this option to enrich the employee with information from the Employee Identity endpoint.
  2. Enrich Employee with Employee logins - Enable this option to enrich the employee with information from the Employee Login endpoint.
  3. Enrich Employee with Campaigns details - Enable this option to enrich the employee with information from the Campaign Details endpoint.
  4. Enrich Employee with Threats details - CSV - Enable this option to enrich the employee with information from the threats_export/csv endpoint. If this is enabled, then don't enable Enrich Employee with Threats - API.
  5. Enrich Employee with Threats - API - Enable this option to enrich the employee with threat info from the threats endpoint. This will automatically gather the threat details for the employee. If this is enabled, then don't enable Enrich Employee with Threats details - CSV. If this is enabled, the following setting may be configured.
    • Enrich Threats - API with Threats details - API - Enable this option to enrich threats with information from the threats_export/api endpoint.
  6. Fetch Users of sub type recipient from Recipient Employees - Enable this option to fetch users of the subtype recipient from the Recipient Employees endpoint.
  7. Fetch Incidents of sub type summary from Summaries - Enable this option to fetch incidents of the subtype summary from the Summaries endpoint.
  8. Fetch Incidents of sub type trend from Trends - Enable this option to fetch incidents of the subtype trend from the Trends endpoint.
  9. Fetch Incidents of sub type threats from Incidents: Threats - Enable this option to fetch incidents of the subtype threats from the Incidents: Threats endpoint.
📘

Note

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

Updated 2 days ago