New file
Overview
Case Groups allow you to group or separate different event types based on your specific handling procedures and policies.
Every Case Group is associated with a Playbook, which defines a workflow with multiple states.
Accessing Case Groups in AbuseHQ
To configure Case Groups, access the System Settings menu in the Admin Portal:
- Click Settings in the left menu under AbuseHQ.
- Click Case Groups under Automation.
- If this is your first time creating a Case Group, click the Add Case Group button.
- If not, click Define a new Case Group.
Creating a New Case Group
- Enter a name for the Case Group.
- Choose a color for easy identification.
- Click the Rule button.
- For Event Type, select:
- Event:
Complainant
- Condition:
does contain
- Value:
shadowserver
- Event:
- Click Rule again to add another:
- Event:
open-mongodb
(keep the other fields the same)
- Event:
- From the dropdown, select the Playbook you created for this event type.
- Click the Save button.
- Finally, go back into the newly created Case Group and click the green Activate button.
Deactivate, Archive, and Unarchive Case Groups
- Case Groups may be archived if they are deactivated.
- You can only delete Case Groups without unresolved cases.
- Archiving helps hide inactive groups while preserving unresolved data.
To archive a Case Group:
- Deactivate the Case Group.
- Click the Archive button.
To unarchive:
- Click the Unarchive button.
- Toggle the Show archived Case Groups switch to view or restore them.
Case Creation Behavior
You don’t need to select any of the advanced options for a case to be created successfully.
By default, every complaint of a certain event type will be consolidated into one open case per subscriber based on the case group rules.
This is the most commonly used configuration.
Option Descriptions:
Separate Case per Contract
- Use when subscribers have unique contract data (e.g., multiple storefronts or a reseller managing different customers).
- Ensures each contract generates its own case.
⚠️ Use this if you want to split cases based on different contracts.
Separate Case per Event Type
- Creates separate cases for each event type.
- Events of different types will not be grouped into a single case.
Single Event per Case
- Creates a new case for every single event, regardless of existing open cases.
- This is rarely used as it results in a large number of cases, but may be required by specific workflows.