Guardian Ops is an abuse management platform designed for ISPs, Hosting Providers, and DNS Operations. It provides a comprehensive solution for handling abuse reports and automating workflows.

Once Guardian Ops receives your abuse reports in their different formats (Email, XARF, Global Reporting), they are parsed into events. Some reports can generate a large number of events because Guardian Ops is designed to be as granular as possible. For example, brute-force attacks on many different ports from the same machine can lead to multiple events, as every port is an event on its own.

Next, each event flows through Inbound Processing. In Inbound Processing, it is crucial to set up customer resolution because Guardian Ops needs at least a customer ID for aggregating all those events into customers and cases. There are two core concepts for customer resolution:
  1. Static resolution
  2. API resolution
Static resolution is usually based on the IP or domain, which is then used as the customer ID. With API resolution, we query your system with event metadata (e.g., one or more of IP, domain, date, port, type, etc.), and it responds with a unique customer ID. We strongly recommend API resolution as it allows the system to track abuse even when IPs, domains, or ports change. By default, Guardian Ops uses the IP address as the customer ID.

Once a customer ID is present, we can aggregate incoming events into customers and cases. Customers are available immediately at https://app.abusix.com/guardian/ops/customers. Cases, however, need at least one case group in Inbound Processing. Automation also requires cases, as you can attach playbooks only to case groups. Hence, once cases are configured, the next step is to set up automation in playbooks, where you can make API calls to your systems or send emails (soon) using templates.

The Getting Started guide walks you through the main steps of setup:
  1. Configure abuse report forwarding
  2. Set up customer resolution
  3. Configure inbound processing with case groups
  4. Set up playbooks for automation
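To make the difference between static and API resolution concrete, the following added example (not Abusix code and not the Guardian Ops API) aggregates the same constructed events under both strategies. The event field names, the lease table and the customer IDs are assumptions standing in for a provider's own customer database.

```python
from collections import defaultdict
from datetime import date

# Constructed sample events: one event per (source IP, port), as described above.
EVENTS = [
    {"ip": "198.51.100.7", "port": 22, "type": "brute-force", "date": date(2024, 3, 1)},
    {"ip": "198.51.100.7", "port": 3389, "type": "brute-force", "date": date(2024, 3, 1)},
    {"ip": "198.51.100.42", "port": 22, "type": "brute-force", "date": date(2024, 3, 9)},
    {"ip": "198.51.100.7", "port": 25, "type": "spam", "date": date(2024, 3, 12)},
]

# Hypothetical provider-side lease records: (ip, first_day, last_day, customer_id).
LEASES = [
    ("198.51.100.7", date(2024, 1, 1), date(2024, 3, 5), "cust-1001"),
    ("198.51.100.42", date(2024, 3, 6), date(2024, 12, 31), "cust-1001"),
    ("198.51.100.7", date(2024, 3, 6), date(2024, 12, 31), "cust-2002"),
]

def resolve_static(event):
    """Static resolution: the IP itself is the customer ID."""
    return event["ip"]

def resolve_api(event):
    """Stand-in for the provider's lookup: who held this IP on the event date?"""
    for ip, start, end, customer_id in LEASES:
        if ip == event["ip"] and start <= event["date"] <= end:
            return customer_id
    return None  # unresolved: the event cannot be assigned to a customer

def aggregate(events, resolver):
    """Group events by resolved customer ID; collect unresolved ones separately."""
    customers, unresolved = defaultdict(list), []
    for event in events:
        customer_id = resolver(event)
        (customers[customer_id] if customer_id else unresolved).append(event)
    return dict(customers), unresolved
```

With static resolution, the spam event from the IP's later holder lands on the same "customer" as the earlier brute-force events, and the first customer's activity is split across two IPs. The date-aware lookup attributes three events to cust-1001 and one to cust-2002.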
Below is an overview of Guardian Ops’ key features and data pipeline:

abuse@mailbox

Forward your abuse reports to our system using three methods:
E-Mail Forwarding
Forward e-mails using our SMTP datachannels
XARF
Use the XARF standard for structured and machine-readable reporting
Global Reporting
Receive abuse reports from Abusix reporting and our other customers
Reports

Report Parsing Engine

Parses reports and generates events. Reports usually contain one event but we also handle bulk reports with thousands of abuse events.
Events

Orchestration and Aggregation: Inbound Processing

👤
Customer Resolver
Identify customers using event data (IP, Port, Domain, Date etc.)
🔍
Filtering
Reduce your mailbox volume to relevant reports
📦
Case Groups
Aggregate abuse events into groups following customizable rulesets
create

📋 Cases

Aggregated abuse events grouped by rules into case groups
Requires: Customer Resolver, Case Groups

👥 Customers

Customer-centric view of all related abuse reports
Requires: Customer Resolver
Cases

Automation: Playbooks

Every Case Group can have a playbook attached. Each case assigned to that group then runs through that playbook.
API Calls
Integrate with your API seamlessly and trigger your internal workflows.
Coming Soon
Email Templates
Use our E-Mail templating to send notifications and take-down notices.
Delayed Actions
Schedule actions to be executed after a specific time interval.
Coming Soon
Triggers
Progress your cases by calls from within your systems when a process is ready for the next steps.
👤
Manual Tasks
Interventions that require manual input
Coming Soon
🔗
Repshare
Share evidence with your customers.
Requires: Customer Resolver, Case Group, Playbook

Refinement and manual interventions

In the end, you handle the remaining reports that are not covered by automation and require manual intervention, or you refine the automation and aggregation to cover more scenarios.

Getting Started

Ready to start using Guardian Ops? You can:
  1. Access the platform: Go to Guardian Ops and log in with your existing Abusix account or create a new one.
  2. Follow the setup guide: Jump to our Getting Started guide to configure your environment and begin managing abuse reports.
  3. Configure inbound processing: Set up your Inbound Processing workflow to control how incoming abuse reports are processed, enriched, and assigned to customers.