Skip to content

Abnormal Security

Abnormal Security provides email threat monitoring, account takeover activity, audit log events, and more via a direct to Chronicle integration method.

Chronicle Data Types

  • ABNORMAL_SECURITY

Configuration Prerequisites

You must obtain the following information before proceeding with setting up this integration

  • Google Chronicle customer ID: To access the ID, navigate to Google Chronicle Settings => Profile => Organization Details => Customer ID
  • Service Account Credentials: These credentials are provided by Google support and may require you or your Customer Success Manager to open a Chronicle support case to get this information
  • Google Chronicle URL: The Chronicle URL changes depending on your location. Please view Google's regional endpoint documentation to find your specific endpoint

Configuration

Note

Completion of this portion of the setup requires access to the Abnormal Portal

  • Log into the Abnormal Portal
  • Click settings => Integrations
  • Find the Google Chronicle icon and click the Connect button
  • Enter the information gathered above
  • Click save and if prompted with a confirmation box click confirm