Demo data mode: synthetic Catcher cases and notification events are being displayed.
Case Detail
INC-20260511-0009
Limited time renewal discount
Triage
- Verdict
- spam
- Severity
- medium
- Risk
- 41.2%
- Confidence
- medium
- Action
- route_to_spam
- Status
- analysis_running
- Bulk marketing footer
- List-Unsubscribe present
- Link-heavy message
AI Summary
The message is probably spam or bulk marketing rather than phishing, but the link volume justifies keeping it in the analyst queue until enrichment finishes.
- Advisory
- yes
- Status
- ok
- Classification
- spam
- Model
- demo-llm
- Generated
- 2026-05-11T12:28:40Z
- Action
- route_to_spam
- Bulk footer language
- List-Unsubscribe present
- Link-heavy message
Manual Triage Summary
No manual triage summary has been saved yet.
Action Broker
Governed action state shown for analyst review before mutation approval.
- Action path
- securityfabric.action-broker -> catcher.triage/route
- Approval tier
- analyst_review
- Execution mode
- dry_run
- Dispatch status
- queued
- Blocked reason
- -
- Result
- pending_dispatch
Dry-run vs mutation mode is controlled by dry_run and policy approval tier.
Closure evidence: queue_position: 3
Callback request/action IDs: tenant-dev/CORR-INC-20260511-0009/ABR-20260511-0009
Callback publish/ingest: pending / pending
Message
- From
- Newsletter <promo@mailer.example>
- Sender domain
- mailer.example
- Reporter
- sam.finance@example.test
- Reply-To
- promo@mailer.example
- Return-Path
- bounce@mailer.example
- Message ID
- <m365-report-0009@example.test>
Signals
- SPF
- pass
- DKIM
- pass
- DMARC
- none
- Clickable URLs
- 7
- Shorteners
- 0
- Attachments
- 0
- Attachment reputation
- clean
- Stego reviews
- 0
- QR decoded
- -
- Containers
- -
- Lure theme
- -
- Platforms
- -
- Objectives
- -
- URL enrichment
- -
- Domain enrichment
- -
- Redirects
- -
- Final mismatch
- -
- Browser forms
- -/-
- Threat intel
- -
- Intel matches
- -
URL Enrichment
- Status
- -
- Attempted
- -
- Redirected
- -
- Max hops
- -
- Shorteners expanded
- -
- Blocked/errors
- -/-
No URL trace items are available.
Browser Metadata
- Items
- -
- Password / OTP
- -/-
- CAPTCHA/checks
- -
- Brand mismatch
- -
- Browser final mismatch
- -
- Blocked/errors
- -/-
No browser metadata items are available.
Domain Infrastructure
- Status
- -
- Domains
- -
- DNS / TLS
- -/-
- New domains
- -
- Recent certs
- -
- Blocked/errors
- -/-
No domain infrastructure items are available.
Attachment Coverage
- QR URLs
- none
- PDF QR URLs
- none
- PDF QR scan
- available or not needed
- OCR login page
- not detected
- Disk image / LNK
- -
- Unsupported containers
- -
Threat Intel
- Status
- -
- Matches
- -
- Malicious
- -
- Suspicious
- -
- Sources
- -
No SecurityFabric threat-intel hits are attached to this case.
Pipeline
- Tenant
- tenant-dev
- Evidence ID
- EVID-20260511-0009
- Queue job
- 44
- Run ID
- 20260511_122407_0000_EVID-20260511-0009
- Closed by
- -
- Close reason
- -
- Closure note
- -
Artifacts
- evidence_json
- runs/tenant-dev/20260511_122407_0000_EVID-20260511-0009/artifacts/evidence.json
- score_debug_json
- runs/tenant-dev/20260511_122407_0000_EVID-20260511-0009/artifacts/score.debug.json
Comments
No analyst comments yet.
Notifications
No notification events yet.