Abnormal Security is a cloud email security platform.
Torq enables quick and easy integration with Abnormal Security, so you can automate anything and everything within moments. Torq's public Abnormal Security steps include:
Check Case Action Status
Check Threat Action Status
Get Abuse Campaign
Get Case Analysis
+18 more...
If you don't see a step you need, you can create your own in various ways, such as using the Send an HTTP Request step or Torq’s Step Builder, and share it across your organization.
Trigger a Torq workflow from Abnormal Security events
Abnormal Security can deliver security events to Torq in near-real time using an HTTPS webhook. To ingest these events as triggers in Torq, you create an Abnormal Security trigger integration and plug the generated webhook URL into the Abnormal portal.
Step One: Create an Abnormal Security trigger integration in Torq
Add the integration: Go to Build > Integrations > Triggers > Abnormal Security and click Add.
Name the integration: Give the integration a unique and meaningful name. This cannot be changed later.
Set an authentication header: Define an auth header for the webhook by entering a Header Name and a secret value. Copy both — you will enter the matching values in the Abnormal portal later.
Finalize: Click Add, then copy the generated webhook URL (https://hooks.torq.io/...). You will need this URL for the Abnormal portal.
Step Two: Configure the webhook in the Abnormal portal
Open the integrations page: In the Abnormal portal, go to Settings > Integrations.
Connect the webhook: On the SIEM Webhook tile, click + Connect.
Enter the following information, then click Save:
Webhook URL: Paste the https://hooks.torq.io/... URL you generated in Torq earlier.
Authentication Type: Select Custom Header.
Header Name: Enter the same header name you set on the Torq webhook.
Header Value: Enter the same secret value you set on the Torq webhook.
Verify: Saving automatically initiates a verification event. When you return to Settings > Integrations, the SIEM Webhook tile shows Connected if verification succeeded, or Action Required if the credentials don't match.
Build a workflow from the trigger
Now that you've created an Abnormal Security trigger, you can build your first Abnormal-initiated workflow. In Torq, go to Build > Workflows > Create a Workflow > New Blank Workflow, and select the trigger type: Integrations > Abnormal Security. Find your new trigger, and automate away!
Use Abnormal Security steps in Torq
Step One: Generate an Abnormal Security access token
Open Abnormal Security: Navigate to Settings > Integrations.
Create the Access Token: In the Additional Integrations section, click Connect on the Abnormal REST API card.
Finalize: Copy the API access token to save it for later.
Step Two: Create an Abnormal Security steps integration in Torq
Navigate to the Integration: Go to Build > Integrations > Steps > Abnormal Security and click Add Instance.
Configure the Integration:
Give the integration a unique and meaningful name.
Paste the Abnormal Security access token that you copied earlier.
Finalize: Click Add.




