Inbound Processing, located in the AbuseHQ settings, gives you the power to decide which events reach AbuseHQ and how to enrich those events.
The configurable Inbound Processing Flow Chart presents the journey of your events before they enter AbuseHQ.
To configure Inbound Processing:
The default AbuseHQ Inbound Processing setup includes:
IsRecent
IPResolver
IsRecent
IPResolver
. (Shown by a green arrow in the flow chart.)IPResolver
Inbound Processing is fully configurable and supports API integrations.
For example, you can:
Inbound Processing includes three integrity checks, displayed in the upper-right of the configuration screen:
Changes made in Inbound Processing are saved, but not live immediately.
Once your configuration is ready:
You may only want to process reports up to a certain age (e.g., 30 days), based on legal, technical, or organizational policies.
IsRecent
filter to accomplish this.IsRecent
node.30d
.Other useful filters might include:
Sometimes, abuse reports are sent to your address for IPs you do not manage—these are considered noise.
AbuseHQ’s Inbound Processing can filter out such misdirected reports by comparing them to your defined networks in:
Settings > Networks
This ensures you focus only on events relevant to your infrastructure.
Inbound Processing, located in the AbuseHQ settings, gives you the power to decide which events reach AbuseHQ and how to enrich those events.
The configurable Inbound Processing Flow Chart presents the journey of your events before they enter AbuseHQ.
To configure Inbound Processing:
The default AbuseHQ Inbound Processing setup includes:
IsRecent
IPResolver
IsRecent
IPResolver
. (Shown by a green arrow in the flow chart.)IPResolver
Inbound Processing is fully configurable and supports API integrations.
For example, you can:
Inbound Processing includes three integrity checks, displayed in the upper-right of the configuration screen:
Changes made in Inbound Processing are saved, but not live immediately.
Once your configuration is ready:
You may only want to process reports up to a certain age (e.g., 30 days), based on legal, technical, or organizational policies.
IsRecent
filter to accomplish this.IsRecent
node.30d
.Other useful filters might include:
Sometimes, abuse reports are sent to your address for IPs you do not manage—these are considered noise.
AbuseHQ’s Inbound Processing can filter out such misdirected reports by comparing them to your defined networks in:
Settings > Networks
This ensures you focus only on events relevant to your infrastructure.