Abnormal Security
The Abnormal Security connector enables automated interaction with the Abnormal Security platform, facilitating threat detection, case management, and incident analysis.

Abnormal Security offers a cutting-edge email security platform that leverages behavioral data science to identify and block modern email attacks. This connector enables Swimlane Turbine users to automate the retrieval and management of threat intelligence, case details, and email security incidents directly within the Swimlane ecosystem. By integrating with Abnormal Security, users can streamline their security operations, enhance incident response, and leverage detailed threat insights to protect against sophisticated email-based threats.

## Limitations

None to date.

## Supported versions

This Abnormal Security connector uses the latest version API.

## Additional docs

- Abnormal Security Swagger API documentation: https://app.swaggerhub.com/apis/abnormal-security/abx/1.4.0#/threats/get_threats

## Prerequisites

Before utilizing the Abnormal Security connector for Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Bearer Authentication with the following parameters:
  - URL: Endpoint for the Abnormal Security API.
  - Authentication token: Secure token used for authenticating API requests.

## Authentication methods

### Abnormal Security HTTP Bearer Authentication

The Abnormal Security HTTP Bearer Authentication connector uses the HTTP bearer authentication method to connect to the Abnormal Security API. The following are required to set up the asset:

- Token: The token generated from Abnormal Security HTTP Bearer Authentication.
- URL: The URL endpoint for the Abnormal Security HTTP Bearer Authentication API.

## Capabilities

- Abuse campaigns list
- Campaign details
- Case action status
- Case analysis
- Case details
- Case management
- Detection 360 reports
- Download a message in EML format
- Download the attachment in an email as a file
- Employee genome analysis
- Employee information
- Get attachment
- Get details of the remediation history
- List vendors
non analyzed messages and so on action setup get threats note the input parameter filter is an odata based filter which only supports two values attacktype and attackedparty to filter threats to only those with extortion intent use attacktype+eq+'extortion' to filter threats to only received by vips in your organization use attackedparty+eq+'vip' see the following for more information odata based filters https //www odata org/documentation/abnormal security swagger api documentation https //app swaggerhub com/apis/abnormal security/abx/1 4 0#/threats/get threats configurations abnormal security http bearer authentication authenticates using bearer token configuration parameters parameter description type required url a url to the target host string required token the api token string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions download a message in eml format retrieve an email message in eml format from abnormal security using the specified message id endpoint url /messages/{{message id}}/download method get input argument name type required description message id number required the abx message id of a message output parameter type description status code number http status code of the response reason string response reason phrase file object attachments file string output field file file name string name of the resource example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "file" { "file" "string", "file name" "example name" } } ] download the attachment in an email as a file downloads a specified attachment from an email in abnormal security using the message id and attachment name endpoint url /messages/{{message id}}/attachment/{{attachment name}}/download method get input argument name type required description message id number required the abx message id of a message attachment name 
string required the attachment name of an attachment belonging to an email message headers object optional http headers for the request mock data string optional returns test data if set to true output parameter type description status code number http status code of the response reason string response reason phrase file object attachments file string output field file file name string name of the resource example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "file" { "file" "string", "file name" "example name" } } ] campaign details retrieve detailed information about an abuse mailbox campaign by its unique id in abnormal security endpoint url /v1/abusecampaigns/{{id}} method get input argument name type required description id string required unique identifier headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase campaignid string unique identifier firstreported string output field firstreported lastreported string output field lastreported messageid string unique identifier subject string output field subject fromname string name of the resource fromaddress string output field fromaddress recipientname string name of the resource recipientaddress string output field recipientaddress judgementstatus string status value overallstatus string status value attacktype string type of the resource example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { 
"campaignid" "fff51768 c446 34e1 97a8 9802c29c3ebd", "firstreported" "2020 11 11t13 11 40 08 00", "lastreported" "2020 11 11t13 11 40 08 00", "messageid" " 1234567891011121314", "subject" "fwd this is spam", "fromname" "support", "fromaddress" "support\@secure reply org", "recipientname" "tom", "recipientaddress" "example\@example com", "judgementstatus" "malicious", "overallstatus" "could not find original message", "attacktype" "malicious phishing" } } ] abuse campaigns list retrieve a list of reported campaigns from the abuse mailbox in abnormal security endpoint url /v1/abusecampaigns method get input argument name type required description filter string optional parameter for abuse campaigns list sender string optional parameter for abuse campaigns list recipient string optional parameter for abuse campaigns list subject string optional parameter for abuse campaigns list reporter string optional parameter for abuse campaigns list attacktype string optional type of the resource threattype string optional type of the resource pagesize number optional parameter for abuse campaigns list pagenumber number optional parameter for abuse campaigns list headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase campaigns array output field campaigns campaignid string unique identifier pagenumber number output field pagenumber nextpagenumber number output field nextpagenumber example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "campaigns" \[], 
"pagenumber" 1, "nextpagenumber" 2 } } ] get attachment in an email message retrieves the details of a specified attachment from an email message in abnormal security using the message id and attachment name endpoint url /messages/{{message id}}/attachment/{{attachment name}} method get input argument name type required description message id number required the abx message id of a message attachment name string required the attachment name of an attachment belonging to an email message headers object optional http headers for the request mock data string optional returns test data if set to true output parameter type description status code number http status code of the response reason string response reason phrase attachmentname string name of the resource type string type of the resource details array output field details md5 string output field md5 sha1 string output field sha1 sha256 string output field sha256 size string output field size createdon string output field createdon lastupdated string output field lastupdated url array url endpoint for the request keyphrases array output field keyphrases example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "attachmentname" "example name", "type" "string", "details" \[], "md5" "string", "sha1" "string", "sha256" "string", "size" "string", "createdon" "string", "lastupdated" "string", "url" \[], "keyphrases" \[] } } ] case details retrieve detailed case information from abnormal security using a specific case id endpoint url /v1/cases/{{caseid}} method get input argument name type required description caseid string required unique identifier headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase caseid string unique identifier severity string output 
field severity affectedemployee string output field affectedemployee firstobserved string output field firstobserved threatids array unique identifier example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "caseid" "1234", "severity" "potential account takeover", "affectedemployee" "firstname lastname", "firstobserved" "2020 06 09t17 42 59z", "threatids" \[] } } ] case action status check the status of a specific action on a case using the case id and action id in abnormal security endpoint url /v1/cases/{{caseid}}/actions/{{actionid}} method get input argument name type required description caseid string required unique identifier actionid string required unique identifier headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase status string status value description string output field description example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "status" "acknowledged", "description" "the request was completed successfully" } } ] case analysis retrieve a detailed analysis and timeline for a specific case in abnormal security using the unique case id endpoint url 
/v1/cases/{{caseid}}/analysis method get input argument name type required description caseid string required unique identifier headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase insights array output field insights signal string output field signal description string output field description eventtimeline array output field eventtimeline event timestamp string output field event timestamp category string output field category title string output field title field labels object output field field labels ip address string output field ip address location object output field location city string output field city state string output field state country string output field country prev location object output field prev location city string output field city state string output field state country string output field country description string output field description isp string output field isp browser string output field browser operating system string output field operating system device trust type string type of the resource protocol string output field protocol example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "insights" \[], "eventtimeline" \[] } } ] retrieve cases obtain an overview of detected security incidents by listing cases identified by abnormal security endpoint url /v1/cases method get input argument name type required description filter string optional parameter for retrieve cases pagesize number optional parameter for 
retrieve cases pagenumber number optional parameter for retrieve cases headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase cases array output field cases caseid string unique identifier severity string output field severity pagenumber number output field pagenumber nextpagenumber number output field nextpagenumber example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "cases" \[], "pagenumber" 1, "nextpagenumber" 2 } } ] get details of the remediation history retrieve the remediation history details for a specific threat log message using its message id in abnormal security endpoint url /messages/{{message id}}/remediation history method get input argument name type required description message id number required the abx message id of a message output parameter type description status code number http status code of the response reason string response reason phrase remediation history string output field remediation history folder locations array output field folder locations example \[ { "status code" 200, "reason" "ok", "json body" { "remediation history" "\\"auto remediated\\" \\"2023 04 11t20 54 56 244716+00 00\\"", "folder locations" \[] } } ] detection 360 reports retrieve missed attack or false positive reports from abnormal security's detection 360° by specifying the inquiry type endpoint url /v1/detection360/reports method get input argument name type required description inquiry type string required specifies the type of inquiry 
for the report available values are missed attack and false positive start string optional parameter for detection 360 reports end string optional parameter for detection 360 reports status string optional defines the current status of the detection report available values are unreviewed, containing attack, improving platform, resolved, and correcting judgement output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" \[ {} ] } ] employee information retrieve detailed information for an employee by using their email address as a unique identifier in abnormal security endpoint url /v1/employee/{{emailaddress}} method get input argument name type required description emailaddress string required parameter for employee information headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase name string name of the resource email string output field email title string output field title manager string output field manager example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json 
body" { "name" "tom", "email" "example\@example com", "title" "general manager", "manager" "manager email\@example com" } } ] employee genome analysis retrieve identity analysis data for a specified employee from abnormal security using their email address endpoint url /v1/employee/{{emailaddress}}/identity method get input argument name type required description emailaddress string required parameter for employee genome analysis headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase data array response data key string output field key name string name of the resource description string output field description values array value for the parameter value string value for the parameter percentage number output field percentage total count number count value example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "data" \[] } } ] non analyzed messages retrieve messages from the abuse mailbox in abnormal security that are pending analysis endpoint url /v1/abuse mailbox/not analyzed method get input argument name type required description start string optional parameter for non analyzed messages end string optional parameter for non analyzed messages output parameter type description status code number http status code of the response reason string response reason phrase results object result of the operation abx message id number unique identifier recipient object output field recipient name string name of the resource email string output field 
email reported datetime string time value reporter object output field reporter name string name of the resource email string output field email subject string output field subject not analyzed reason string response reason phrase example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "results" {} } } ] threat details retrieve detailed information for a specified threat in abnormal security using the unique threat id provided endpoint url /v1/threats/{{threatid}} method get input argument name type required description pagesize number optional parameter for threat details pagenumber number optional parameter for threat details threatid string required unique identifier headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase threatid string unique identifier messages array response message threatid string unique identifier abxmessageid number unique identifier abxportalurl string url endpoint for the request subject string output field subject fromaddress string output field fromaddress fromname string name of the resource senderdomain string output field senderdomain toaddresses string output field toaddresses recipientaddress string output field recipientaddress receivedtime string time value senttime string time value internetmessageid string unique identifier remediationstatus string status value attacktype string type of the resource attackstrategy string output field attackstrategy returnpath string output field returnpath replytoemails 
array output field replytoemails ccemails array output field ccemails senderipaddress string output field senderipaddress impersonatedparty string output field impersonatedparty attackvector string output field attackvector example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "threatid" "184712ab 6d8b 47b3 89d3 a314efef79e2", "messages" \[], "pagenumber" 1, "nextpagenumber" 2 } } ] threat action status check the status of a requested action on a threat within abnormal security using threatid and actionid endpoint url /v1/threats/{{threatid}}/actions/{{actionid}} method get input argument name type required description threatid string required unique identifier actionid string required unique identifier headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase status string status value description string output field description example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "status" "acknowledged", "description" "the request was completed successfully" } } ] threat attachment details retrieve detailed attachment information for a given threat id in abnormal security 
endpoint url /v1/threats/{{threatid}}/attachments method get input argument name type required description threatid string required unique identifier headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase threats array output field threats abxmessageid number unique identifier attachmentname string name of the resource example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "threats" \[] } } ] threat link info retrieve detailed link information for a given threat id from abnormal security, requiring the threatid as a path parameter endpoint url /v1/threats/{{threatid}}/links method get input argument name type required description threatid string required unique identifier headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase threats array output field threats abxmessageid number unique identifier domainlink string output field domainlink linktype string type of the resource source string output field source displaytext string output field displaytext linkurl string url endpoint for the request example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 
85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "threats" \[] } } ] threat retrieval obtain a detailed list of threats identified by abnormal security, providing insights into potential security incidents endpoint url /v1/threats method get input argument name type required description filter string optional parameter for threat retrieval sender string optional parameter for threat retrieval source string optional parameter for threat retrieval recipient string optional parameter for threat retrieval subject string optional parameter for threat retrieval topic string optional parameter for threat retrieval attackstrategy string optional parameter for threat retrieval impersonatedparty string optional parameter for threat retrieval attacktype string optional type of the resource threattype string optional type of the resource pagesize number optional parameter for threat retrieval pagenumber number optional parameter for threat retrieval headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase threats array output field threats threatid string unique identifier pagenumber number output field pagenumber nextpagenumber number output field nextpagenumber example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "threats" \[], "pagenumber" 1, "nextpagenumber" 2 } } ] vendor details retrieve details for a specified vendor domain from abnormal security, requiring 
the vendordomain as a path parameter endpoint url /v1/vendors/{{vendordomain}}/details method get input argument name type required description vendordomain string required parameter for vendor details headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase vendordomain string output field vendordomain risklevel string output field risklevel vendorcontacts array output field vendorcontacts companycontacts array output field companycontacts vendorcountries array output field vendorcountries analysis array output field analysis vendoripaddress array output field vendoripaddress example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "vendordomain" "vendor com", "risklevel" "high", "vendorcontacts" \[], "companycontacts" \[], "vendorcountries" \[], "analysis" \[], "vendoripaddress" \[] } } ] vendor activity retrieve interaction activity for a specified vendor domain in abnormal security, requiring the vendordomain path parameter endpoint url /v1/vendors/{{vendordomain}}/activity method get input argument name type required description vendordomain string required parameter for vendor activity headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase eventtimeline array output field eventtimeline eventtimestamp string output field eventtimestamp eventtype string type of the resource 
suspiciousdomain string output field suspiciousdomain domainip string output field domainip ipgeolocation string output field ipgeolocation attackgoal string output field attackgoal actiontaken string output field actiontaken hasengagement boolean output field hasengagement recipient string output field recipient threatid string unique identifier example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "eventtimeline" \[] } } ] vendor case details retrieve detailed information for a specific vendor case in abnormal security using the unique case id endpoint url /v1/vendor cases/{{id}} method get input argument name type required description id string required unique identifier headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase vendorcaseid number unique identifier firstobservedtime string time value lastmodifiedtime string time value vendordomain string output field vendordomain insights array output field insights highlight string output field highlight description string output field description timeline array output field timeline eventtimestamp string output field eventtimestamp senderaddress string output field senderaddress recipientaddress string output field recipientaddress subject string output field subject markedas string output field markedas threatid string unique identifier example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 22 40 36 gmt", "content type" "application/json", "content length" "1757", 
"connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "3aa7103c 84d3 474a 97dd 64b9870d59d6", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "vendorcaseid" 0, "firstobservedtime" "2020 06 09t17 42 59z", "lastmodifiedtime" "2020 06 09t17 42 59z", "vendordomain" "vendor com", "insights" \[], "timeline" \[] } } ] vendor cases list retrieve an overview of potential security incidents by listing vendor cases from abnormal security endpoint url /v1/vendor cases method get input argument name type required description filter string optional parameter for vendor cases list pagesize number optional parameter for vendor cases list pagenumber number optional parameter for vendor cases list headers object optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase vendorcases array output field vendorcases vendorcaseid number unique identifier pagenumber number output field pagenumber nextpagenumber number output field nextpagenumber example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 22 40 35 gmt", "content type" "application/json", "content length" "109", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "9c0e0956 c50b 4c78 bd66 cb4b522d5fd6", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "vendorcases" \[], "pagenumber" 1, "nextpagenumber" 2 } } ] list vendors retrieve a list of vendors your organization has interacted with via abnormal security endpoint url /v1/vendors method get input argument name type required description pagesize number optional parameter for list vendors pagenumber number optional parameter for list vendors headers object 
optional http headers for the request mock data boolean optional response data output parameter type description status code number http status code of the response reason string response reason phrase vendors array output field vendors vendordomain string output field vendordomain pagenumber number output field pagenumber nextpagenumber number output field nextpagenumber example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "vendors" \[], "pagenumber" 1, "nextpagenumber" 2 } } ] case management update or retrieve details for a specific abnormal security case using the provided case id endpoint url /v1/cases/{{caseid}} method post input argument name type required description caseid string required unique identifier headers object optional http headers for the request mock data boolean optional response data action string optional parameter for case management output parameter type description status code number http status code of the response reason string response reason phrase action string output field action example \[ { "status code" 200, "response headers" { "date" "mon, 06 may 2024 20 11 44 gmt", "content type" "application/json", "content length" "144", "connection" "keep alive", "server" "nginx", "vary" "accept", "allow" "get, options", "x abnormal trace id" "b1667e55 51de 4e6c 9a36 85ba4184dea3", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "same origin" }, "reason" "ok", "json body" { "action" "action required" } } ] threat management manage a specific threat in abnormal security by utilizing the provided threatid endpoint url /v1/threats/{{threatid}} 
Method: POST

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| threatid | string | Required | Unique identifier |
| headers | object | Optional | HTTP headers for the request |
| mock data | boolean | Optional | Response data |
| action | string | Optional | Parameter for threat management |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| actionid | string | Unique identifier |
| statusurl | string | URL endpoint for the request |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "Mon, 06 May 2024 20:11:44 GMT",
      "content-type": "application/json",
      "content-length": "144",
      "connection": "keep-alive",
      "server": "nginx",
      "vary": "accept",
      "allow": "GET, OPTIONS",
      "x-abnormal-trace-id": "b1667e55-51de-4e6c-9a36-85ba4184dea3",
      "x-frame-options": "deny",
      "x-content-type-options": "nosniff",
      "referrer-policy": "same-origin"
    },
    "reason": "OK",
    "json body": {
      "actionid": "a33a212a-89ff-461f-be34-ea52aff44a73",
      "statusurl": "https://api.abnormalplatform.com/v1/threats/184712ab-6d8b-47b3-89d3-a314efef79e2"
    }
  }
]
```

Report misjudgement

Report a missed attack or false positive to Abnormal Security, enhancing future detection accuracy. A JSON body input is required.

Endpoint URL: /v1/detection360/reports

Method: POST

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| report type | string | Optional | Type of the resource |
| received date | string | Optional | Date value |
| description | string | Optional | Parameter for report misjudgement |
| portal link | string | Optional | Parameter for report misjudgement |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "Mon, 06 May 2024 20:11:44 GMT",
      "content-type": "application/json",
      "content-length": "144",
      "connection": "keep-alive",
      "server": "nginx",
      "vary": "accept",
      "allow": "GET, OPTIONS",
      "x-abnormal-trace-id": "b1667e55-51de-4e6c-9a36-85ba4184dea3",
      "x-frame-options": "deny",
      "x-content-type-options": "nosniff",
      "referrer-policy": "same-origin"
    },
    "reason": "OK",
    "json body": {}
  }
]
```

Response headers

| Header | Description | Example |
| --- | --- | --- |
| allow | HTTP response header allow | GET, OPTIONS |
| connection | HTTP response header connection | keep-alive |
| content-length | The length of the response body in bytes | 1757 |
| content-type | The media type of the resource | application/json |
| date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
| referrer-policy | HTTP response header referrer-policy | same-origin |
| server | Information about the software used by the origin server | nginx |
| vary | HTTP response header vary | accept |
| x-abnormal-trace-id | HTTP response header x-abnormal-trace-id | 3aa7103c-84d3-474a-97dd-64b9870d59d6 |
| x-content-type-options | HTTP response header x-content-type-options | nosniff |
| x-frame-options | HTTP response header x-frame-options | deny |

Notes

Product version tested against 1.10.0