Abnormal Security Events

Solution: AbnormalSecurity


| Attribute | Value |
| --- | --- |
| Publisher | Abnormal Security |
| Support Tier | Partner |
| Support Link | https://abnormalsecurity.com/contact |
| Categories | domains |
| Version | 3.0.0 |
| Author | AbnormalSecurity - support@abnormalsecurity.com |
| First Published | 2021-10-20 |
| Last Updated | 2026-02-17 |
| Solution Folder | AbnormalSecurity |
| Marketplace | Azure Marketplace · Popularity: 🟡 Low (29%) |

The Abnormal Security solution provides real-time security event ingestion from Abnormal's cloud email security platform into Microsoft Sentinel. It supports both push-based (CCF Push) and pull-based (Azure Functions) connectors. The push connector routes events to per-event-type tables (threats, cases, audit logs, abuse mailbox, posture changes, ATO cases, remediations, vendor cases) using the Codeless Connector Framework.

Data Connectors

This solution provides 2 data connector(s):

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 11 table(s):

| Table | Used By Connectors | Used By Content |
| --- | --- | --- |
| ABNORMAL_CASES_CL | AbnormalSecurity | - |
| ABNORMAL_SECURITY_ABUSE_MAILBOX_CL | Abnormal Security (Push) | - |
| ABNORMAL_SECURITY_ATO_CASE_CL | Abnormal Security (Push) | - |
| ABNORMAL_SECURITY_AUDIT_LOG_CL | Abnormal Security (Push) | - |
| ABNORMAL_SECURITY_CASE_CL | Abnormal Security (Push) | - |
| ABNORMAL_SECURITY_POSTURE_CHANGE_CL | Abnormal Security (Push) | - |
| ABNORMAL_SECURITY_REMEDIATION_CL | Abnormal Security (Push) | - |
| ABNORMAL_SECURITY_THREAT_LOG_CL | Abnormal Security (Push) | - |
| ABNORMAL_SECURITY_VENDOR_CASE_CL | Abnormal Security (Push) | - |
| ABNORMAL_THREAT_MESSAGES_CL 🔶 | AbnormalSecurity | - |
| AbnormalSecurityLogs_CL | Abnormal Security (Push) | - |

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
| --- | --- | --- |
| 3.0.0 | 04-03-2026 | Added CCF Push connector with multi-table routing (9 tables), DeployPushConnectorButton, and OAuth 2.0 authentication. Legacy Azure Functions connector retained for backward compatibility. |
| 2.0.1 | 29-06-2023 | Renamed Azure Function to Azure Functions in the Data Connector description and updated the Python runtime version to 3.11. |
