Catcher

Overview

Demo data mode: synthetic Catcher cases and notification events are being displayed.

Case Detail

INC-20260511-0012

Team lunch reminder

Triage

Verdict
benign
Severity
low
Risk
3.5%
Confidence
high
Action
close_as_benign
Status
analysis_completed
  • All authentication passed
  • Internal sender
  • No URLs or attachments

AI Summary

The report is a benign internal reminder. Authentication passed, no suspicious links or attachments were present, and auto-close policy conditions were met.

Advisory
yes
Status
ok
Classification
benign
Model
demo-llm
Generated
2026-05-11T13:03:50Z
Action
close_as_benign
  • Internal sender
  • SPF/DKIM/DMARC passed
  • No extracted URLs or attachments

Manual Triage Summary

No manual triage summary has been saved yet.

Action Broker

Governed action state shown for analyst review before mutation approval.

Action path
securityfabric.action-broker -> catcher.case/auto-close
Approval tier
policy_auto_close
Execution mode
mutation
Dispatch status
cancelled
Blocked reason
case_already_closed
Result
noop_after_close

Dry-run vs mutation mode is controlled by mutation and policy approval tier.

Closure evidence: closed_by: policy:auto-close, incident_status: closed

Callback request/action IDs: tenant-dev/CORR-INC-20260511-0012/ABR-20260511-0012

Callback publish/ingest: published / ingested

Message

From
Office Ops <office.ops@example.test>
Sender domain
example.test
Reporter
li.ops@example.test
Reply-To
office.ops@example.test
Return-Path
office.ops@example.test
Message ID
<m365-report-0012@example.test>

Signals

SPF
pass
DKIM
pass
DMARC
pass
Clickable URLs
0
Shorteners
0
Attachments
0
Attachment reputation
clean
Stego reviews
0
QR decoded
-
Containers
-
Lure theme
-
Platforms
-
Objectives
-
URL enrichment
-
Domain enrichment
-
Redirects
-
Final mismatch
-
Browser forms
-/-
Threat intel
-
Intel matches
-

URL Enrichment

Status
-
Attempted
-
Redirected
-
Max hops
-
Shorteners expanded
-
Blocked/errors
-/-

No URL trace items are available.

Browser Metadata

Items
-
Password / OTP
-/-
CAPTCHA/checks
-
Brand mismatch
-
Browser final mismatch
-
Blocked/errors
-/-

No browser metadata items are available.

Domain Infrastructure

Status
-
Domains
-
DNS / TLS
-/-
New domains
-
Recent certs
-
Blocked/errors
-/-

No domain infrastructure items are available.

Attachment Coverage

QR URLs
none
PDF QR URLs
none
PDF QR scan
available or not needed
OCR login page
not detected
Disk image / LNK
-
Unsupported containers
-

Threat Intel

Status
-
Matches
-
Malicious
-
Suspicious
-
Sources
-

No SecurityFabric threat-intel hits are attached to this case.

Pipeline

Tenant
tenant-dev
Evidence ID
EVID-20260511-0012
Queue job
47
Run ID
20260511_125900_0000_EVID-20260511-0012
Closed by
policy:auto-close
Close reason
-
Closure note
Closed by policy action: close_as_benign

Artifacts

report_ui_json
runs/tenant-dev/20260511_125900_0000_EVID-20260511-0012/artifacts/report_ui.json

Comments

No analyst comments yet.

    Notifications

    No notification events yet.

      Edit Manual Summary

      Add Comment

      Close Case