👋 How can we help you?

Event inbox

The Event Inbox acts as an intermediary step between Inbound Processing and case creation.

Last updated on Invalid Date

 
 

Overview

The AbuseHQ Event Inbox is a new feature that acts as an intermediary step between Inbound Processing and case creation. The Event Inbox aims to provide an overview of these unmatched events and the ability to process them accordingly.

 

Event Lifecycle

Events pass through several stations in AbuseHQ until they can finally be sorted into Cases and processed.

First, the Event lands in Inbound Processing, where the Event is enriched by (various) resolvers. This is followed by the Event Filters (which are configured in the Event Inbox), which offer the option of tagging or dropping Events. The Event then lands in the Case Group Manager, where it is checked whether an Event is matched by a specific Case Group. If so, the Event lands in the Case Group, and the processes defined in the Playbook are triggered.

It can easily happen that Events fall through the cracks and do not fit into any Case Group, for example with new Event Types. Up until the introduction of the Event Inbox, Events that didn´t match a defined Case Group lead to the creation of a Case in the Default Case Group. With the Event Inbox, if an Event does not match a Case Group or if the associated Subscriber could not be resolved, it ends up in the Event Inbox (Events that could not be assigned to a subscriber also end up there). Here, Events can be subsequently tagged, dropped, or added to a Case Group.

By creating Event Filters, Events can be tagged and dropped automatically. The Event Filters are run through after Inbound Processing and before the Case Group Manager.

The Event Inbox can also support you in solving resolver and configuration problems, as a detailed Event Log is attached to each Event.

 

All Events View

1
1 The currently active query. 2 Edit the active filter using the query builder.
 

Event Inbox Actions

Actions can be applied to single or multiple events.

 
 
1.
1. Add tags to an event: 2. Manually add an Event to a Case Group. 3. Drop Event
 

Add to Case Group

Events that are in state "NEW" and have a resolved Subscriber Id can be added to a Case Group manually, even when they don´t match the Precondition of the Case Group.

 

Drop

Events can be dropped, which hides them from the default view of the Event Inbox.

 

Tag

Events can be tagged to make them easier to categorize and filter. Tags are case-insensitive and will automatically be converted to lowercase.

 

Sharing Events

Events can be shared by their id or by the current filter.

To share Events by a filter, create a filter in the filter bar and click on the "Copy" icon next to the filter bar on the right. This will copy a link to the current Event Inbox view to the clipboard.

 
 

The Event Log

Every event includes an Event Log which can be accessed via the "Raw Data" tab. The Event Log provides information about the event´s flow through Inbound Processing and can be used to debug resolver issues and Inbound Processing configuration issues.

For example, if some of your events can´t be matched to a subscriber, the Event Log will indicate at which step the subscriber resolution process could have gone wrong.

 

Event Retention

Data in the Event Inbox is automatically deleted after a certain period.

All events older than 1 month, regardless of their state, will be deleted permanently. If your AbuseHQ instance has an event retention period lower than 1 month, your instance's event retention period will apply.

Events that are either dropped or already resulted in a case being created will be permanently deleted after 7 days.

For instances where the Event inbox contains more than 10000 events in the state "NEW", JSON fields  (e.g. subscriber_resolver_data) will be removed from all events older than 7 days.

 

Event Filters

Event Filters run automatically after Inbound Processing is complete, so they allow the execution of actions after resolvers have already run, but before cases are created. Actions can be run depending on the fields of an event and are not run in any specific order.

Available actions include:

  • Dropping an event
  • Tagging an event
 
0.
0. Help: Shows the Event Inbox introduction video. 1. New Filter: Create a new Event Filter. Event Filters are run after Inbound Processing. 2. Search Event Filters: 3. Non-Active Event Filter: The Event Filter is not active and does not run after Inbound Processing. 4. Active Event Filter: The Event Filter is active and runs after Inbound Processing. 5. The Event Filters name. Can be changed by clicking on the name or the pen icon on the right. 6. Event Filters can be edited (pen icon), duplicated (two stacked sheets icon), or deleted (trash icon) 7. Status: Can be active or inactive. Only active Event Filters are run after Inbound Processing. 8. Condition: Define the condition events have to meet to trigger an action. 9. Actions: There are two types of actions: Drop and Tag. Actions can be added by clicking the plus icon and deleted by clicking the "Trash" icon. 10. Shows if Events that are already in the Event Inbox meet the condition. The action can be applied to the existing Events manually by clicking on Ok. 11. Save or discard changes. 12. Shows who did last change the Event Filter and when.
 

Create an Event Filter from the Event Filters Page

Click on New Filter in the Manage Event Filters View.

 
 

Create an Event Filter from the Events Page

It's possible to create an Event Filter using the filter that´s currently set in the All Event View. Clicking on "Create Event Filter" brings you to the Manage Event Filters Tab.

 
 

With the filters already selected:

 
 
 
 
 
Did this answer your question?
😞
😐
🤩