Overview
Abnormal Security is an AI-driven email security platform that detects advanced phishing, business email compromise (BEC), and account takeover attacks. The Pwnbook integration surfaces email threat detections from Abnormal so security teams can monitor email-based attacks alongside vulnerability findings and incident data.Prerequisites
- An Abnormal Security account
- Admin access in Abnormal Security to generate API keys
- Admin or Owner access in Pwnbook
Credentials required
| Field | Description |
|---|---|
| API Key | API key from the Abnormal Security portal |
Setup
Get your Abnormal Security API key
- Log in to the Abnormal Security portal at portal.abnormalsecurity.com.
- Go to Settings → Integrations → API.
- Generate a new API key and copy it.
What gets synced
Threat detections
| Data | Description |
|---|---|
| Threat type | Attack category: phishing, BEC, account takeover, malware delivery, etc. |
| Severity | Abnormal’s risk severity rating |
| Subject line | Email subject (sanitized) |
| Sender | Sending email address and display name |
| Recipients | Who the attack was sent to (count and user list) |
| Detection time | When Abnormal detected and remediated the threat |
| Action taken | Auto-remediated, quarantined, or reported |
Account takeover
| Data | Description |
|---|---|
| Compromised account | User account flagged for abnormal behavior |
| Indicators | Suspicious login locations, impossible travel, new device activity |
| Detection time | When the anomalous behavior was detected |
Workbench card
The Abnormal Security workbench card shows:- Threats detected in the last 7 days, broken out by type
- Account takeover alerts
- Recent high-severity detections
Viewing in Pwnbook
The full Abnormal Security view shows:- Threats tab: filterable list of detected email threats with type, severity, and status
- Account takeovers tab: flagged accounts with detection indicators
Disconnecting
- Go to Organization Settings → Marketplace → Abnormal Security.
- Click Disconnect.
- Confirm.