Blog , 21 Nov 2017

How to Use Inbound Processing

Tobias Knecht,

Founder and CEO, Abusix

When you receive an abuse report, have you ever asked yourself; what should the entire lifecycle of the report takedown be? That is, what should happen with the report and the data within it? What if you could start managing abuse, with a clean data flow rather than raw reports having bad reports filtered out, reports rerouted that need to go to a different department like legal or division all upfront, metadata from reports extracted, threats and network resources tagged, the subscriber’s identified for further action, and only have clean data?

Remember, I said “what if you could automatically” do this, AbuseHQ Inbound processing has the power to do all this, simply; with only 10-15 minutes on average; spent on an upfront configuration investment.

Automating inbound processing using AbuseHQ, immediately returns to you hours each and every day, because you no longer spend time reading, organizing, and trying to understand reports. This immediately gives you, more time to address serious network issues like phishing, spam, and malware.

So, what’s involved in getting started with AbuseHQ inbound processing? It’s simple. Let’s find out how.

To view more technical documentation on inbound processing, visit our Knowledge Base.

The Incredible Power Of AbuseHQ Inbound Processing

So first, think of inbound processing as creating filters in an Amazon search. Filters (or tags) remove irrelevant products so you only see what you need. In the same way, AbuseHQ’s inbound processing filters and tags abuse events with criteria so that you only see and act on abuse events that match your criteria.

Creating filters within inbound processing is one of the most common things we see people add within inbound processing, and it’s simple to set up. Within the AbuseHQ inbound process flow chart user interface, open a node anywhere, and set a filter with the variables you want.

For example, to set a filter that only allows events, occurring in the last 30 days to be processed, simply configure the filter to drop events that don’t meet this criteria; because reports of abuse older than 30 days for many abuse departments are too old for meaningful follow-up.  We aren’t passing judgment, you could set this to 60 days or not at all if you wish also. The point is, you can quickly and easily set inbound processing policies or routing appropriate to your own environment.

Also, behind the scenes, automatically, AbuseHQ “Abuse Type” tags are also added to every inbound event, without you having to lift a finger, so that event types and infection that a report might contain can be used in AbuseHQ Views, Playbooks, Email templates, Statistical Reporting and Webhooks.

See also: Common Inbound Abuse Channels That You Should Be Using For Solid Service Provider Security

These are a few examples in which AbuseHQ’s inbound processing simplifies the way AbuseHQ processes inbound abuse reports so that the cases they relate to are easy to handle, manually or automatically.

Before we dig even deeper still on inbound processing; consider now, how clearly and quickly AbuseHQ has an immediate impact on your organization out of the box;

  1. You no longer are looking at single reports.
  2. You are no longer building parsers or scripts or a related data model.

AbuseHQ has transformed all the different reports from all the different reporters into a useable clean aggregate data flow, making managing abuse easy and ready for quick manual actions within the trial and ready for automation in production.

Linkedin Icon Twitter Icon Facebook Icon E-mal Icon
Get in Touch

Talk to us

Do you want to know more about our products and services? Get in touch, we are always happy to answer any questions you may have.

The quickest way to get in touch with the team is via our online chat feature at the bottom right of this page.

Alternatively, feel free to email us at or send us a message via our form.