1 · Ingestion
Abuse feeds
AbuseIPDB · SpamCop · CBL · PSBL
REST / webhook
API key · OAuth2 · partner push
Web form
Public portal · evidence upload
Email / SMTP
RFC 5965 · FBL · mailbox parse
↓
2 · AI triage
AI
Abuse classifier
Spam · phishing · malware · DDoS · CSAM
Report parser
Extract IPs · domains · evidence
Noise filter
Bad-faith · low-quality · bot reports
Translation
Multi-language reports → EN
↓
3 · Processing & enrichment
Normalizer
GeoIP · ASN · WHOIS · rDNS
Threat intel
VirusTotal · Shodan · DNSBL
Dedup engine
Hash fingerprint · configurable window
Event queue
Redis Streams · DLQ · backoff
↓
4 · Case engine
Case creator
Open · investigating · actioned · closed
Aggregator
Group · merge · re-score on arrival
Severity scorer
Type weight · count · recurrence
Routing
SLA tier · skill-based · on-call
↓
5 · AI intelligence
AI
Severity re-scorer
Context-aware score adjustment
Pattern detection
Cluster · coordinated attacks · botnets
Evidence analyser
Headers · URLs · logs → summary
Customer profiler
Billing + logs → risk profile
↓
6 · Automation & actions
Auto-suspend
WHMCS · null-route · grace period
IP / domain block
Firewall · DNSBL · WAF rules
Escalation
Time · severity · legal protocol
Notifications
Slack · PagerDuty · digest
↓
7 · AI communications
AI
Reporter replies
ACK · status update · resolution draft
Customer notices
Suspension · warning · evidence summary
Appeal handler
Read appeal → draft verdict
Case summariser
Agent handoff · management report
↓
8 · Storage
PostgreSQL
Cases · audit log · history
Redis
Queue · cache · locks
Elasticsearch
Search · analytics · trends
Object storage
S3 · evidence · retention policy
9 · Dashboards
Case management UI
Queue · workflow · bulk actions
Analytics
KPIs · trends · heatmaps
Rules editor
Thresholds · triggers · templates
Customer portal
Notices · appeal · case status
Ingestion
Processing
Case engine
Automation
Storage
Dashboards
AI layer
Click any block to go deeper