UPDATE: Please use Data Channels for ALL report forwarding (SMTP, XARF submissions etc.) The current process listed in this document will soon be disabled.
Overview
The most important step to start with AbuseHQ is forwarding your network’s or MTA’s abuse data. You will need your mail administrator (if this is someone else) to help you with this step.
Please alias the abuse@, postmaster@ traffic, and any other role address that receives abuse reports to [email protected] (where ‘example’ is replaced by the AbuseHQ hostname you requested).
Manual forwarding using an email client does not work!
If you’re using Gmail or other services that require a forwarding verification opt-in, the verification emails will be delivered to your AbuseHQ mailbox.
Inbound Processing Automation
AbuseHQ includes 500+ different parsers for tens of thousands of reporters that consume abuse, copyright, vulnerability, and threat reports, automatically extracting the relevant metadata in each report.
An example is when you forward reports from shadowserver.org, AbuseHQ automatically downloads the related Shadowserver CSV file creating a single event for each line in the report.
Better Visibility
With threat analysis automation, the more abuse reports you send to AbuseHQ, your visibility of network security issues will be better.
Meanwhile, your work effort will decrease since Abusix will start doing all the hard work for you.
The following two are several must-have data sources for many network operators.
Once you have started forwarding traffic to AbuseHQ, the “Top Reporter” widget in AbuseHQ Statistics will give you valuable insights about each reporter AbuseHQ catches!
Send us a message
Having trouble with your setup or a technical issue? Get in touch with our team of Abusix experts.
Click the chat button at the bottom and send us your questions. Alternatively, you can email us at [email protected]