# Abnormal Security Integrating **Abnormal Security** with **CybrHawk** allows you to ingest advanced email security telemetry—including phishing detections, business email compromise (BEC) alerts, and behavioral anomaly signals—directly into CybrHawk. This ensures that identity and email-based threats are correlated with other security data for end-to-end monitoring and incident response. *** ## Step 1. Obtain API Credentials and Configure IP Safelist 1. Sign in to the **Abnormal Portal**. 2. Navigate to **Settings → Integrations**. 3. Locate the **Abnormal REST API integration** and click **+ Connect**. 4. Copy and save the **Access Token** securely (e.g., in a password vault). You will provide this to CybrHawk later. 5. In the **IP Safelist** field, add the CybrHawk SOC collector IP address ranges. > **Note:** Your CybrHawk representative will provide the correct IP addresses to safelist. *** ## Step 2. Provide Credentials to CybrHawk Send the following details to your CybrHawk representative at [**socv2@cybrhawk.com**](mailto:socv2@cybrhawk.com): * **Access Token** (from Step 1) * **Host** — based on your region: * **US:** `api.abnormalplatform.com` * **EU:** `eu.rest.abnormalsecurity.com` * **Credential Expiry** — (optional) if your token has an expiration date. CybrHawk will configure ingestion so that Abnormal Security event data is collected and correlated within the CybrHawk SecOps platform. *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cybrhawksoc.gitbook.io/cybrhawk-docs/siem-integrations/email-security/abnormal.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.