Configuring Inbound Processing
Access the settings menu AbuseHQ to configure Inbound Processing.
- Click your name in the top right corner
- Select
Settings
from the drop-down menu
- On the left side of your screen, select
Inbound Processing
under Automation.
Inbound Processing Explained
Inbound Processing located in AbuseHQ settings gives you the power to decide which events reach AbuseHQ and how to enrich these events.
The Inbound Processing configurable flow chart presents the flow of your events before they hit AbuseHQ.
The âIncoming Eventsâ or input node is where the parsed email and API events come into inbound processing. The events are then triaged and tagged with the event type, and âAbuseHQâ is where data is sent to be orchestrated in your AbuseHQ instance.
Inbound Processing is fully configurable, with an API integration to return values from your radius server or CRM and to otherwise fit your inbound identification and tagging requirements.
The AbuseHQ default configuration includes a filter called âIsRecentâ and a resolver called âIPResolverâ.
These inbound processing steps do the following:
Step 1, âIs recentâ
- If an event matches the âIsRecentâ date filter it is the event is passed on to the âIPResolverâ as shown by the green arrow.
- The event doesnât match the âIsRecentâ date filter, it is dropped and is not further processed. The flow chart illustrates this with no connected Nodes/Links on the âFailedâ or red output of the filter.
Step 2, âIP Resolverâ
- Upon receiving an event from the âIs Recentâ node, the resolver attempts to enrich the IP address for an event and add a subscriber id. The event is then passed to AbuseHQ (âAHQâ). Some resolvers resolve domain reports, like phishing reports to an IP address to further help identify a subscriber.
In Inbound Processing, there are several options to manipulate incoming data.
Integrity Checks
Three Integrity Checks validate the configuration of your Inbound Processing Flow. This is shown on the upper right side of the screen. These checks are
- âNo loopsâ checks if there are loops in your inbound processing flow. This prevents events from being sent into limbo.
- âConnection to AHQâ checks to make sure that there is at least one connection from âInputâ to âAHQâ so that is at least theoretically possible for events to reach the AbuseHQ. You could be over-filtering, but that is easy enough to fix.
- âNo disconnected nodesâ checks if there are unreachable nodes and subgraphs.
Saving Changes
All changes you make are saved but not directly taken live. This setting allows you to ensure that you configure everything correctly and not jeopardize real incoming data.
When you are done configuring, you can either take the current configuration live by clicking the blue Take config live
button or reset the inbound processing flow chart to the currently applied config by clicking Reset to live config
.
Filtering reports based on age
Sometimes, you may only handle reports for up to X days. This might be a legal or technical requirement; in some cases, it may just be your subjective choice of handling things.
Setting up a Filter in Inbound Processing is very simple, and this exact "IsRecent" Filter is already part of the Default Inbound Processing Chain.
Opening the âIsRecentâ node will show a form on the right side with all configuration options for this filter. The fields are more or less the same for all Filters.


Set a name, description, and the actual logic of the filter. In our case, we want to operate on the eventâs date and check if it is younger than 30 days (â30dâ). Some other examples of valuable filters may be:
- Check if the event IP is in your configured networks.
- Check if the event IP is in a network with a specific tag.
- Filter based on the type of the event (spam, copyright, etc.).
- Filter based on the sender's email address.
Dropping misdirected reports
Misdirected abuse reports, with IP addresses you are not responsible for, are sometimes sent to your abuse address and can become noise.
AbuseHQ's Inbound processing will filter out everything except the networks you have configured in your Network Settings (Settings > Networks), allowing you to focus on only what is essential.

Learn More
If you want to understand a little bit more about this feature, we recommend the following articles:
Still, need help?
No problem; click the chat button in the bottom right-hand corner of the screen and send us your questions. Alternatively, you can email us at support@abusix.com
also, follow our LinkedIn Channel for updates & subscribe to our YouTube Channel for the latest Abusix how-to-videos.