Abnormal Security
Integrating Abnormal Security with ThreatDefence allows you to ingest advanced email security telemetry—including phishing detections, business email compromise (BEC) alerts, and behavioral anomaly signals—directly into ThreatDefence. This ensures that identity and email-based threats are correlated with other security data for end-to-end monitoring and incident response.
Step 1. Obtain API Credentials and Configure IP Safelist
Sign in to the Abnormal Portal.
Navigate to Settings → Integrations.
Locate the Abnormal REST API integration and click + Connect.
Copy and save the Access Token securely (e.g., in a password vault). You will provide this to ThreatDefence later.
In the IP Safelist field, add the ThreatDefence SOC collector IP address ranges.
Note: Your ThreatDefence representative will provide the correct IP addresses to safelist.
Step 2. Provide Credentials to ThreatDefence
Send the following details to your ThreatDefence representative at [email protected]:
Access Token (from Step 1)
Host — based on your region:
US: api.abnormalplatform.com
EU: eu.rest.abnormalsecurity.com
Credential Expiry — (optional) if your token has an expiration date.
ThreatDefence will configure ingestion so Abnormal Security event data is collected and correlated within the ThreatDefence SecOps platform.