The AbuseHQ Event Inbox is a new feature that acts as an intermediary step between Inbound Processing and case creation. The Event Inbox aims to provide an overview of these unmatched events and the ability to process them accordingly.
Events pass through several stations in AbuseHQ until they can finally be sorted into Cases and processed.
First, the Event lands in Inbound Processing, which is enriched by (various) resolvers. This is followed by the Event Filters (configured in the Event Inbox), which offer the option of tagging or dropping Events. The Event then lands in the Case Group Manager, checking whether a specific Case Group matches an Event. If so, the Event lands in the Case Group and the processes defined in the Playbook are triggered.
It can easily happen that Events fall through the cracks and do not fit into any Case Group, for example, with new Event Types. Up until the introduction of the Event Inbox, Events that didn´t match a defined Case Group led to the creation of a Case in the Default Case Group. With the Event Inbox, if an Event does not match a Case Group or the associated Subscriber cannot be resolved, it ends up in the Event Inbox (Events that could not be assigned to a subscriber also end up there). Events can be tagged, dropped, or added to a Case Group.
By creating Event Filters, Events can be tagged and dropped automatically. The Event Filters are run through after Inbound Processing and before the Case Group Manager.
The Event Inbox can also support you in solving resolver and configuration problems, as a detailed Event Log is attached to each Event.
All Events View
Event Inbox Actions
Actions can be applied to single or multiple events.
Add to Case Group
Events that are in the state "NEW" and have a resolved Subscriber Id can be added to a Case Group manually, even when they don´t match the Precondition of the Case Group.
Events can be dropped, hiding them from the Event Inbox's default view.
Events can be tagged to make them easier to categorize and filter. Tags are case-insensitive and will automatically be converted to lowercase.
Events can be shared by their id or by the current filter.
To share Events by a filter, create a filter in the filter bar and click on the "Copy" icon next to the filter bar on the right. This will copy a link to the current Event Inbox view to the clipboard.
The Event Log
Every event includes an Event Log, accessed via the "Raw Data" tab. The Event Log provides information about the event´s flow through Inbound Processing and can be used to debug resolver issues and Inbound Processing configuration issues.
For example, if some of your events can´t be matched to a subscriber, the Event Log will indicate at which step the subscriber resolution process could have gone wrong.
Data in the Event Inbox is automatically deleted after a certain period.
All events older than one month will be deleted, regardless of their state. If your AbuseHQ instance has an event retention period lower than one month, your instance's event retention period will apply.
Events that are either dropped or already resulted in a case being created will be permanently deleted after seven days.
For instances where the Event inbox contains more than 10000 events in the state "NEW,” JSON fields (e.g.,
subscriber_resolver_data) will be removed from all events older than seven days.
Event Filters run automatically after Inbound Processing is complete, so they allow the execution of actions after resolvers have already run but before cases are created. Actions can be run depending on the fields of an event and are not run in any specific order.
Available actions include:
- Dropping an event
- Tagging an event
Create an Event Filter from the Event Filters Page
Click on New Filter in the Manage Event Filters View.
Create an Event Filter from the Events Page
It's possible to create an Event Filter using the filter that´s currently set in the All Event View. Clicking on "Create Event Filter" brings you to the Manage Event Filters Tab.
With the filters already selected:
Still, need help?
No problem; click the chat button in the bottom right-hand corner of the screen and send us your questions. Alternatively, you can email us at firstname.lastname@example.org
also, follow our LinkedIn Channel for updates & subscribe to our YouTube Channel for the latest Abusix how-to-videos.