Overview

Case Groups allow you to group or separate different event types based on your specific handling procedures and policies.
Every Case Group is associated with a Playbook, which defines a workflow with multiple states.


Accessing Case Groups in AbuseHQ

To configure Case Groups, access the System Settings menu in the Admin Portal:

  1. Click Settings in the left menu under AbuseHQ.
  2. Click Case Groups under Automation.
  • If this is your first time creating a Case Group, click the Add Case Group button.
  • If not, click Define a new Case Group.

Creating a New Case Group

  1. Enter a name for the Case Group.
  2. Choose a color for easy identification.
  3. Click the Rule button.
  4. For Event Type, select:
    • Event: Complainant
    • Condition: does contain
    • Value: shadowserver
  5. Click Rule again to add another:
    • Event: open-mongodb (keep the other fields the same)
  6. From the dropdown, select the Playbook you created for this event type.
  7. Click the Save button.
  8. Finally, go back into the newly created Case Group and click the green Activate button.

Deactivate, Archive, and Unarchive Case Groups

  • Case Groups may be archived if they are deactivated.
  • You can only delete Case Groups without unresolved cases.
  • Archiving helps hide inactive groups while preserving unresolved data.

To archive a Case Group:

  1. Deactivate the Case Group.
  2. Click the Archive button.

To unarchive:

  1. Click the Unarchive button.
  2. Toggle the Show archived Case Groups switch to view or restore them.

Case Creation Behavior

You don’t need to select any of the advanced options for a case to be created successfully.
By default, every complaint of a certain event type will be consolidated into one open case per subscriber based on the case group rules.
This is the most commonly used configuration.

Option Descriptions:

Separate Case per Contract

  • Use when subscribers have unique contract data (e.g., multiple storefronts or a reseller managing different customers).
  • Ensures each contract generates its own case.

⚠️ Use this if you want to split cases based on different contracts.

Separate Case per Event Type

  • Creates separate cases for each event type.
  • Events of different types will not be grouped into a single case.

Single Event per Case

  • Creates a new case for every single event, regardless of existing open cases.
  • This is rarely used as it results in a large number of cases, but may be required by specific workflows.