Skip to main content
Abnormal Security

Overview

Abnormal Security is an AI-driven email security platform that detects advanced phishing, business email compromise (BEC), and account takeover attacks. The Pwnbook integration surfaces email threat detections from Abnormal so security teams can monitor email-based attacks alongside vulnerability findings and incident data.

Prerequisites

  • An Abnormal Security account
  • Admin access in Abnormal Security to generate API keys
  • Admin or Owner access in Pwnbook

Credentials required

FieldDescription
API KeyAPI key from the Abnormal Security portal

Setup

1

Get your Abnormal Security API key

  1. Log in to the Abnormal Security portal at portal.abnormalsecurity.com.
  2. Go to Settings → Integrations → API.
  3. Generate a new API key and copy it.
If you don’t see API settings, ensure your Abnormal account plan includes API access or contact your Abnormal account team.
2

Configure in Pwnbook

  1. Go to Organization Settings → Marketplace → Abnormal Security.
  2. Paste your API Key.
  3. Click Save & Test — Pwnbook verifies access by listing recent threat campaigns.

What gets synced

Threat detections

DataDescription
Threat typeAttack category: phishing, BEC, account takeover, malware delivery, etc.
SeverityAbnormal’s risk severity rating
Subject lineEmail subject (sanitized)
SenderSending email address and display name
RecipientsWho the attack was sent to (count and user list)
Detection timeWhen Abnormal detected and remediated the threat
Action takenAuto-remediated, quarantined, or reported

Account takeover

DataDescription
Compromised accountUser account flagged for abnormal behavior
IndicatorsSuspicious login locations, impossible travel, new device activity
Detection timeWhen the anomalous behavior was detected

Workbench card

The Abnormal Security workbench card shows:
  • Threats detected in the last 7 days, broken out by type
  • Account takeover alerts
  • Recent high-severity detections

Viewing in Pwnbook

The full Abnormal Security view shows:
  • Threats tab: filterable list of detected email threats with type, severity, and status
  • Account takeovers tab: flagged accounts with detection indicators

Disconnecting

  1. Go to Organization Settings → Marketplace → Abnormal Security.
  2. Click Disconnect.
  3. Confirm.