> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pwnbook.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Abnormal Security

> View email threat detections from Abnormal Security in Pwnbook's Security Workbench.

<img src="https://mintlify.s3.us-west-1.amazonaws.com/pwnbook/logos/abnormal.svg" alt="Abnormal Security" style={{ height: "32px", marginBottom: "16px" }} />

## Overview

Abnormal Security is an AI-driven email security platform that detects advanced phishing, business email compromise (BEC), and account takeover attacks. The Pwnbook integration surfaces email threat detections from Abnormal so security teams can monitor email-based attacks alongside vulnerability findings and incident data.

## Prerequisites

* An Abnormal Security account
* Admin access in Abnormal Security to generate API keys
* Admin or Owner access in Pwnbook

## Credentials required

| Field       | Description                               |
| ----------- | ----------------------------------------- |
| **API Key** | API key from the Abnormal Security portal |

## Setup

<Steps>
  <Step title="Get your Abnormal Security API key">
    1. Log in to the Abnormal Security portal at [portal.abnormalsecurity.com](https://portal.abnormalsecurity.com).
    2. Go to **Settings → Integrations → API**.
    3. Generate a new API key and copy it.

    If you don't see API settings, ensure your Abnormal account plan includes API access or contact your Abnormal account team.
  </Step>

  <Step title="Configure in Pwnbook">
    1. Go to **Organization Settings → Marketplace → Abnormal Security**.
    2. Paste your **API Key**.
    3. Click **Save & Test** — Pwnbook verifies access by listing recent threat campaigns.
  </Step>
</Steps>

## What gets synced

### Threat detections

| Data               | Description                                                              |
| ------------------ | ------------------------------------------------------------------------ |
| **Threat type**    | Attack category: phishing, BEC, account takeover, malware delivery, etc. |
| **Severity**       | Abnormal's risk severity rating                                          |
| **Subject line**   | Email subject (sanitized)                                                |
| **Sender**         | Sending email address and display name                                   |
| **Recipients**     | Who the attack was sent to (count and user list)                         |
| **Detection time** | When Abnormal detected and remediated the threat                         |
| **Action taken**   | Auto-remediated, quarantined, or reported                                |

### Account takeover

| Data                    | Description                                                        |
| ----------------------- | ------------------------------------------------------------------ |
| **Compromised account** | User account flagged for abnormal behavior                         |
| **Indicators**          | Suspicious login locations, impossible travel, new device activity |
| **Detection time**      | When the anomalous behavior was detected                           |

## Workbench card

The Abnormal Security workbench card shows:

* Threats detected in the last 7 days, broken out by type
* Account takeover alerts
* Recent high-severity detections

## Viewing in Pwnbook

The full Abnormal Security view shows:

* **Threats** tab: filterable list of detected email threats with type, severity, and status
* **Account takeovers** tab: flagged accounts with detection indicators

## Disconnecting

1. Go to **Organization Settings → Marketplace → Abnormal Security**.
2. Click **Disconnect**.
3. Confirm.
