Demo data mode: synthetic Catcher cases and notification events are being displayed.
Case Detail
INC-20260511-0012
Team lunch reminder
Triage
- Verdict
- benign
- Severity
- low
- Risk
- 3.5%
- Confidence
- high
- Action
- close_as_benign
- Status
- analysis_completed
- All authentication passed
- Internal sender
- No URLs or attachments
AI Summary
The report is a benign internal reminder. Authentication passed, no suspicious links or attachments were present, and auto-close policy conditions were met.
- Advisory
- yes
- Status
- ok
- Classification
- benign
- Model
- demo-llm
- Generated
- 2026-05-11T13:03:50Z
- Action
- close_as_benign
- Internal sender
- SPF/DKIM/DMARC passed
- No extracted URLs or attachments
Manual Triage Summary
No manual triage summary has been saved yet.
Action Broker
Governed action state shown for analyst review before mutation approval.
- Action path
- securityfabric.action-broker -> catcher.case/auto-close
- Approval tier
- policy_auto_close
- Execution mode
- mutation
- Dispatch status
- cancelled
- Blocked reason
- case_already_closed
- Result
- noop_after_close
Dry-run vs mutation mode is controlled by mutation and policy approval tier.
Closure evidence: closed_by: policy:auto-close, incident_status: closed
Callback request/action IDs: tenant-dev/CORR-INC-20260511-0012/ABR-20260511-0012
Callback publish/ingest: published / ingested
Message
- From
- Office Ops <office.ops@example.test>
- Sender domain
- example.test
- Reporter
- li.ops@example.test
- Reply-To
- office.ops@example.test
- Return-Path
- office.ops@example.test
- Message ID
- <m365-report-0012@example.test>
Signals
- SPF
- pass
- DKIM
- pass
- DMARC
- pass
- Clickable URLs
- 0
- Shorteners
- 0
- Attachments
- 0
- Attachment reputation
- clean
- Stego reviews
- 0
- QR decoded
- -
- Containers
- -
- Lure theme
- -
- Platforms
- -
- Objectives
- -
- URL enrichment
- -
- Domain enrichment
- -
- Redirects
- -
- Final mismatch
- -
- Browser forms
- -/-
- Threat intel
- -
- Intel matches
- -
URL Enrichment
- Status
- -
- Attempted
- -
- Redirected
- -
- Max hops
- -
- Shorteners expanded
- -
- Blocked/errors
- -/-
No URL trace items are available.
Browser Metadata
- Items
- -
- Password / OTP
- -/-
- CAPTCHA/checks
- -
- Brand mismatch
- -
- Browser final mismatch
- -
- Blocked/errors
- -/-
No browser metadata items are available.
Domain Infrastructure
- Status
- -
- Domains
- -
- DNS / TLS
- -/-
- New domains
- -
- Recent certs
- -
- Blocked/errors
- -/-
No domain infrastructure items are available.
Attachment Coverage
- QR URLs
- none
- PDF QR URLs
- none
- PDF QR scan
- available or not needed
- OCR login page
- not detected
- Disk image / LNK
- -
- Unsupported containers
- -
Threat Intel
- Status
- -
- Matches
- -
- Malicious
- -
- Suspicious
- -
- Sources
- -
No SecurityFabric threat-intel hits are attached to this case.
Pipeline
- Tenant
- tenant-dev
- Evidence ID
- EVID-20260511-0012
- Queue job
- 47
- Run ID
- 20260511_125900_0000_EVID-20260511-0012
- Closed by
- policy:auto-close
- Close reason
- -
- Closure note
- Closed by policy action: close_as_benign
Artifacts
- report_ui_json
- runs/tenant-dev/20260511_125900_0000_EVID-20260511-0012/artifacts/report_ui.json
Comments
No analyst comments yet.
Notifications
No notification events yet.