https://catalogartifact.azureedge.net/publicartifacts/abnormalsecuritycorporation1593011233180.fe1b4806-215b-4610-bf95-965a7a65579c-7ed39af9-9a7d-4771-a9e1-6a85005510b3/image0_abnormallogo.png
Abnormal Security Events
โดย Abnormal Security Corporation
Just a moment, logging you in...
Data Connector for Abnormal Security's REST API
Abnormal Security for Microsoft Sentinel empowers security operations teams to unify their email threat intelligence within Microsoft's cloud-native SIEM platform. By streaming high-fidelity security event data directly into your Sentinel environment, this integration enables SOC analysts to correlate sophisticated email-based attacks - such as business email compromise, phishing, and social engineering - with signals from across the broader security ecosystem.
Abnormal Security leverages behavioral AI to detect the advanced, never-before-seen attacks that legacy email gateways miss. The platform builds a baseline of normal behavior for every identity in your organization by analyzing thousands of unique signals across communication patterns, relationships, and metadata. When attackers deviate from these established baselines -whether through impersonation, account compromise, or vendor fraud - Abnormal autonomously detects and remediates the threat. This integration brings that unmatched detection intelligence directly into Microsoft Sentinel.
With this connector, security teams gain access to Threat Log events, Account Takeover notifications, and case-level insights streamed in near real-time into their Log Analytics Workspace. This eliminates manual data retrieval, reduces alert fatigue, and accelerates incident response by placing Abnormal's behavioral AI-driven detections alongside firewall, endpoint, identity, and cloud security data - all within a single pane of glass.
Purpose-built for enterprise security operations, this integration serves organizations across every industry that rely on Microsoft Sentinel as their central security analytics platform. Whether in financial services, healthcare, government, technology, or any sector where email remains the primary attack vector, Abnormal's integration ensures that the most dangerous and evasive threats are surfaced, correlated, and actioned within existing SOC workflows.