--- title: Abnormal Security description: Integrate with Abnormal Security to get threats, cases, and audit logs. breadcrumbs: Docs > Integrations > Abnormal Security --- # Abnormal Security Abnormal Overview Dashboard ## Overview{% #overview %} Abnormal Security provides comprehensive email protection using a platform that understands human behavior. It protects against attacks that exploit human behavior, including phishing, social engineering, and account takeovers. Datadog's integration with Abnormal Security collects logs using [Abnormal Security's API](https://app.swaggerhub.com/apis/abnormal-security/abx/1.4.3#/info), which generates three types of logs: - **Threat Logs**: Threat logs include any malicious activity or attack that could harm an organization, its data, or personnel. - **Case Logs**: Case logs include Abnormal Cases that are identified by Abnormal Security. These cases usually include related threats within them. **Note:** The Account Takeover product is required to collect Case Logs. - **Audit Logs**: These logs include actions taken on the Abnormal portal. ## Setup{% #setup %} ### Configuration{% #configuration %} 1. Sign into your [Abnormal Security Account](https://portal.abnormalsecurity.com/home/settings/integrations). 1. Click **Abnormal REST API**. 1. Retrieve your authentication token on the Abnormal portal and input it in the account table. This token is used to view your Abnormal detected threats, cases, and audit logs. ### Validation{% #validation %} 1. Ensure you have a log index configured for `source:abnormal-security` in your Datadog account. 1. After configuration, logs should appear in the [Log Explorer](https://docs.datadoghq.com/logs/explorer.md) within 5 minutes. You can access the Log Explorer directly from the **Data Collected** tab of the Abnormal Security integration tile. 1. Filter logs by `source:abnormal-security` to view your Abnormal Security threat, case, and audit logs. 1. If utilizing this integration with our [Cloud SIEM](https://www.datadoghq.com/product/cloud-siem/) product, we recommend complementing with our [Abnormal Security Content Pack](https://docs.datadoghq.com/security/cloud_siem/content_packs.md#email_security). ## Data Collected{% #data-collected %} ### Metrics{% #metrics %} The Abnormal Security integration does not include any metrics. ### Log Collection{% #log-collection %} Abnormal Security Incidents, Cases, and Audit logs will show up under the source `abnormal-security`. ### Events{% #events %} The Abnormal Security integration does not include any events. ### Service Checks{% #service-checks %} The Abnormal Security integration does not include any service checks. ## Troubleshooting{% #troubleshooting %} Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).