Abnormal Security is a behavioral AI-based email security platform that learns the behavior of every identity in a cloud email environment and analyzes the risk of every event to block the most sophisticated attacks. DNIF can collect, normalize, and monitor Abnormal Security threat logs to help you identify suspicious activity within your workspace in real time.
Pre-requisites
- Access Token
Steps to derive prerequisites:
- Sign in to the Abnormal Security platform.
- In the Manage section, click on the Settings option.
In the Settings section, click on the Integrations option.
4. Scroll down to the Additional Integrations section and click + Connect on the Abnormal REST API card to display an integration page for your organization.
5. In the IP Safelist field, enter the IP addresses for your deployment.
6. Copy and save the Access token.Configurations
The following are the configurations to forward Abnormal Security Connector logs to DNIF.
Field Name |
Description |
Connector Name |
Enter a name for the connector |
API Key |
Enter the Access Token for Abnormal Security. |
- Click Save after entering all the required details and click Test Connection, to test the configuration.
- A Connection successful message will be displayed on screen along with the time stamp.
- If the connection is not successful an error message will be displayed. Refer Troubleshooting Connector Validations for more details on the error message.
Once the connector is configured, validate if the connector is listed under Collection Status screen with status as Active. This signifies the connector is configured successfully and data is ready to ingest.