Product FAQ: Security Tools Integrations - Abnormal Security

Product FAQ: Security Tools Integrations

How does Abnormal integrate?

With Abnormal’s API integration, you now have the ability to connect Abnormal Security with your existing security infrastructure and maximize your security investments. Leverage seamless, bi-directional API integration into your current security stack: SIEM, SOAR, detection tools, ticketing systems, etc. Augment security operation teams with automation and tools to respond quickly and proactively protect the organization.

The Abnormal Security integration API is bi-directional: you can leverage the insights provided by Abnormal by pulling a list of threats or the details of a specific threat, or you can use Abnormal as part of a response to take action on a specific threat or case.

Our technology integrates through output triggers, triggering playbooks in SOAR tools or ticketing systems when incidents occur. We integrate with a range of these tools, such as Demisto, ServiceNow, and many more. Abnormal also receives inputs from other security systems and processes. Our Abuse Mailbox integrates and monitors end-user reported messages, which simplifies your SOC team workflows that are increasingly dependent on Abuse Mailbox campaign data. Additionally, 3rd party detection tools, such as Proofpoint Targeted Attack Protection, can trigger Abnormal to automate removal from mailboxes. You can see our full list of integrations here.

The Integrations Hub enables you to view and set up all currently supported integrations. To access the Integrations Hub, go to the Settings page, then select Integrations from the left menu. Click the “+ Connect” button to start the integration process. Initiating an integration to a 3rd party system may prompt you to enter your credentials or may prompt you to contact Abnormal via email. If you do not see an application that you would like to integrate, please contact us. Custom application development is enabled by Abnormal’s open API.

Security teams that use Microsoft’s native phishing reporting mechanism can directly integrate with Abuse Mailbox to leverage automated phishing triage, orchestration, remediation, and response. Security teams can benefit from reduced SOC workload and reduced SLA for report response, and can help further strengthen the accuracy of Abnormal’s detection model.

ServiceNow

Does Abnormal Security support ServiceNow?

Yes, we have three options for integrating with ServiceNow:

Option 1 (Recommended): Inbound email actions ticket creation

Abnormal Security creates tickets assigned to a specified ServiceNow user by forwarding metadata to a dedicated ServiceNow inbound email address created by the customer.

Option 2: OAuth-based REST API ticket creation

Abnormal will integrate with the customer’s ServiceNow instance via OAuth and ServiceNow’s REST API to create tickets assigned to the right people.

Option 3: Access token REST API ticket creation

Abnormal will integrate with the customer’s ServiceNow instance via OAuth and ServiceNow’s REST API to create tickets assigned to the right people.

We’re happy to have our engineers join a call to assist your team in setting this up. Contact us to learn more about our full ServiceNow integration guide.

Commonly Asked Questions:

How does this integrate into Office 365 and G Suite?

Abnormal Security is a cloud-native platform that integrates via API with your cloud email platform, Office 365 and G Suite:

  • No MX or any DNS record changes
  • No Journaling or Transport Rules required
  • No impact to existing email security tools
  • 30-second integration into Office 365 tenant
  • 2 minutes to integrate into G Suite using API scopes

Want to learn more?

Schedule a personalized product demo to see:

  • Threat analytics, insights and reporting
  • Automated Triage, Investigation and response tools
  • Platform integrations into SIEM, SOAR
  • …and more