Configure Abnormal Cloud Email Security for Arctic Wolf monitoring

You can configure Abnormal Cloud Email Security® to send the necessary logs to Arctic Wolf® for security monitoring.

These resources are required:

  • Administrator access to the Abnormal Portal
  • (Optional) Account Takeover (ATO) Protection license, to receive ATO alerts

Create API token

  1. Sign in to the Abnormal Portal.
  2. Click Settings > Integrations.
  3. In the API Token Management section, click + Create New Token.
  4. For the integration type, select REST API, and then click Next.
  5. For the token scope, select Tenant (Single Tenant), set the tenant to Arctic Wolf Networks, and then click Next.
  6. For token access, select these options:
    • Access type — Custom Access

    • API endpoints — Threats — Read Access, Cases — Read Access, and Audit Logs — Read Sensitive Access

  7. Set the token name.

    For example, Arctic Wolf monitoring token or Arctic Wolf AR token, as appropriate.

  8. For the token expiration period, select the value that meets your organizational security requirements.
  9. In the IP Safelist field, add the Arctic Wolf Cloud Sensors IP address ranges.
  10. Click Create Token.
  11. Copy the token value to a safe, encrypted location to provide to Arctic Wolf later.
  12. Click Done.

Provide Abnormal Security credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click Abnormal Security.
  5. Configure these settings:
    • Account Name — Enter a unique and descriptive name for the account.

    • Access Token — Enter the API token value from Create API token.
    • Host — Select the appropriate option for your region:
      • US — api.abnormalplatform.com

      • EU — eu.rest.abnormalsecurity.com

    • Credential Expiry — Enter the credential expiration date, if applicable.

  6. Click Test and submit credentials.