Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Abnormal Threats | ✅ | ✅ | abnormal_threats | NDJSON | API |
Overview
Abnormal Security is an email security company that protects enterprises and organizations from targeted email attacks.
Integrating Abnormal into Hunters allows the collection and ingestion of Abnormal Threats into the data lake. Furthermore, alerts are created over the logs, auto-investigated, and correlated with other related signals.
Supported data types
Abnormal Threats
Table name: abnormal_threats
This data type covers threats to an organization identified by Abnormal Security. The organization should be integrated with Abnormal Security and enabled for real-time detection of malicious emails.
Send data to Hunters
Hunters supports the collection of Abnormal Threats logs using the API.
To connect Abnormal Threats logs:
1. Follow the "Integration Steps" under this guide by Abnormal to acquire a token.
2. Complete the process on the Hunters platform, following this guide.
📘 IP Whitelisting
Abnormal lets you add a second layer of protection by restricting API access per token to specific IPs. If required, add the IPs from this IPs list to Abnormal, as specified in the documentation above.