👋 How can we help you?

AbuseHQ Event Inbox Explained

The Event Inbox is an intermediary step between Inbound Processing and case creation.

 
 

Overview

The AbuseHQ Event Inbox is a new feature that acts as an intermediary step between Inbound Processing and case creation. The Event Inbox aims to provide an overview of these unmatched events and the ability to process them accordingly.

 

Event Lifecycle

Events pass through several stations in AbuseHQ until they can finally be sorted into Cases and processed.

First, the Event lands in Inbound Processing, which is enriched by (various) resolvers. This is followed by the Event Filters (configured in the Event Inbox), which offer the option of tagging or dropping Events. The Event then lands in the Case Group Manager, checking whether a specific Case Group matches an Event. If so, the Event lands in the Case Group and the processes defined in the Playbook are triggered.

It can easily happen that Events fall through the cracks and do not fit into any Case Group, for example, with new Event Types. Up until the introduction of the Event Inbox, Events that didn´t match a defined Case Group led to the creation of a Case in the Default Case Group. With the Event Inbox, if an Event does not match a Case Group or the associated Subscriber cannot be resolved, it ends up in the Event Inbox (Events that could not be assigned to a subscriber also end up there). Events can be tagged, dropped, or added to a Case Group.

By creating Event Filters, Events can be tagged and dropped automatically. The Event Filters are run through after Inbound Processing and before the Case Group Manager.

The Event Inbox can also support you in solving resolver and configuration problems, as a detailed Event Log is attached to each Event.

 

All Events View

1
1 The currently active query. 2 Edit the active filter using the query builder.
 

Event Inbox Actions

Actions can be applied to single or multiple events.

 
 
1.
1. Add tags to an event: 2. Manually add an Event to a Case Group. 3. Drop Event
 

Add to Case Group

Events that are in the state "NEW" and have a resolved Subscriber Id can be added to a Case Group manually, even when they don´t match the Precondition of the Case Group.

 

Drop

Events can be dropped, hiding them from the Event Inbox's default view.

 

Tag

Events can be tagged to make them easier to categorize and filter. Tags are case-insensitive and will automatically be converted to lowercase.

 

Sharing Events

Events can be shared by their id or by the current filter.

To share Events by a filter, create a filter in the filter bar and click on the "Copy" icon next to the filter bar on the right. This will copy a link to the current Event Inbox view to the clipboard.

 
 

The Event Log

Every event includes an Event Log, accessed via the "Raw Data" tab. The Event Log provides information about the event´s flow through Inbound Processing and can be used to debug resolver issues and Inbound Processing configuration issues.

For example, if some of your events can´t be matched to a subscriber, the Event Log will indicate at which step the subscriber resolution process could have gone wrong.

 

Event Retention

Data in the Event Inbox is automatically deleted after a certain period.

All events older than one month will be deleted, regardless of their state. If your AbuseHQ instance has an event retention period lower than one month, your instance's event retention period will apply.

Events that are either dropped or already resulted in a case being created will be permanently deleted after seven days.

For instances where the Event inbox contains more than 10000 events in the state "NEW,” JSON fields  (e.g., subscriber_resolver_data) will be removed from all events older than seven days.

 

Event Filters

Event Filters run automatically after Inbound Processing is complete, so they allow the execution of actions after resolvers have already run but before cases are created. Actions can be run depending on the fields of an event and are not run in any specific order.

Available actions include:

  • Dropping an event
  • Tagging an event
 
0.
0. Help: Shows the Event Inbox introduction video. 1. New Filter: Create a new Event Filter. Event Filters are run after Inbound Processing. 2. Search Event Filters: 3. Non-Active Event Filter: The Event Filter is inactive and does not run after Inbound Processing. 4. Active Event Filter: The Event Filter is active and runs after Inbound Processing. 5. The Event Filters name can be changed by clicking on the name or the pen icon on the right. 6. Event Filters can be edited (pen icon), duplicated (two stacked sheets icon), or deleted (trash icon) 7. Status: This can be active or inactive. Only active Event Filters are run after Inbound Processing. 8. Condition: Define the conditions events must meet to trigger an action. 9. Actions: Drop and Tag is two types of actions. Actions can be added by clicking the plus icon and deleted by clicking the "Trash" icon. 10. Shows if events already in the Event Inbox meet the condition. The action can be manually applied to the existing Events by clicking on Ok. 11. Save or discard changes. 12. Shows who last changed the Event Filter and when.
 

Create an Event Filter from the Event Filters Page

Click on New Filter in the Manage Event Filters View.

 
 

Create an Event Filter from the Events Page

It's possible to create an Event Filter using the filter that´s currently set in the All Event View. Clicking on "Create Event Filter" brings you to the Manage Event Filters Tab.

 
 

With the filters already selected:

 
 
 
 

Send us a message

Having trouble with your setup or a technical issue? Get in touch with our team of Abusix experts.

Click the chat button at the bottom and send us your questions. Alternatively, you can email us at support@abusix.com

 

also, follow our LinkedIn Channel for updates & subscribe to our YouTube Channel for the latest Abusix how-to-videos.

 
 
Did this answer your question?
😞
😐
🤩