Operations

Case Workbench

Demo data mode: synthetic Catcher cases and notification events are being displayed.
Operations

Case Workbench

Security Operations

Cases

Live phish triage queue for reported-message review and analyst follow-up.

Total6
Open4
Queued1
Running1
Completed3
Failed1
Malicious1
High/Critical2

Case Queue

Triage, closure, message, reporter, signal, and run context for current cases.

6 shown
Reset
CaseStateClosure NotesVerdict / RiskMessageReporter / SourceAuthURLsAttachmentsReasons / ErrorPipeline
INC-20260511-0007
EVID-20260511-0007
age: 54d
analysis_completed
open
Openmalicious
high/ 87.5%
confidence: high
action: quarantine_or_block_sender
Action required: password expires today
IT Helpdesk <it-support@micros0ft-login.example>
micros0ft-login.example
alex.reporter@example.test
phish-report@example.test
<m365-report-0007@example.test>
SPF: failDKIM: noneDMARC: fail
rollup: failed
Clickable: 3
Resource: 2
Domains: 2
Short/IDN/IP: 1/1/0
Platform: forms_or_survey, security_wrapper, url_shortener
Redirects: 2 · mismatch 1
Infra new/cert/blocked: 1/1/1
Browser form/checks: 1/1
Count: 1
Reputation: suspicious
Masq/Stego: 0/0
Header domain mismatch; Credential-harvest language; Lookalike sender domain20260511_115512_0000_EVID-20260511-0007
queue: 42
2026-05-11T12:04:22Z
INC-20260511-0008
EVID-20260511-0008
age: 54d
analysis_completed
closed
manual
Legitimate vendor invoice from allowlisted sender.
soc-analyst@example.test · 2026-05-11T12:19:10Z
benign
low/ 8.5%
confidence: high
action: close_as_benign
Invoice INV-44821 for April services
Contoso Billing <billing@contoso.example>
contoso.example
maria.sales@example.test
phish-report@example.test
<m365-report-0008@example.test>
SPF: passDKIM: passDMARC: pass
rollup: passed
Clickable: 0
Resource: 0
Domains: 0
Short/IDN/IP: 0/0/0
Platform: -
Redirects: 0 · mismatch 0
Infra new/cert/blocked: 0/0/0
Browser form/checks: 0/0
Count: 1
Reputation: clean
Masq/Stego: 0/0
SPF/DKIM/DMARC passed; Known vendor domain; No suspicious URLs20260511_121001_0000_EVID-20260511-0008
queue: 43
2026-05-11T12:19:10Z
INC-20260511-0009
EVID-20260511-0009
age: 54d
analysis_running
open
Openspam
medium/ 41.2%
confidence: medium
action: route_to_spam
Limited time renewal discount
Newsletter <promo@mailer.example>
mailer.example
sam.finance@example.test
phish-report@example.test
<m365-report-0009@example.test>
SPF: passDKIM: passDMARC: none
rollup: mixed
Clickable: 7
Resource: 14
Domains: 3
Short/IDN/IP: 0/0/0
Platform: -
Redirects: - · mismatch -
Infra new/cert/blocked: -/-/-
Browser form/checks: -/-
Count: 0
Reputation: clean
Masq/Stego: 0/0
Bulk marketing footer; List-Unsubscribe present; Link-heavy message20260511_122407_0000_EVID-20260511-0009
queue: 44
2026-05-11T12:29:12Z
INC-20260511-0010
EVID-20260511-0010
age: 54d
analysis_failed
open
Openunknown
critical/ 93.4%
confidence: low
action: manual_review
Updated employee handbook attached
HR Shared Drive <hr-docs@sharepoint-files.example>
sharepoint-files.example
nora.hr@example.test
phish-report@example.test
<m365-report-0010@example.test>
SPF: softfailDKIM: noneDMARC: fail
rollup: failed
Clickable: 2
Resource: 3
Domains: 2
Short/IDN/IP: 0/0/1
Platform: -
Redirects: - · mismatch -
Infra new/cert/blocked: -/-/-
Browser form/checks: -/-
Count: 2
Reputation: malicious
Masq/Stego: 1/1
Attachment masquerade detected; DMARC failed; PDF JavaScript flag present
LLM endpoint timeout after deterministic scoring; manual review required.
20260511_123900_0000_EVID-20260511-0010
queue: 45
2026-05-11T12:44:31Z
INC-20260511-0011
EVID-20260511-0011
age: 54d
queued_for_analysis
open
Openpending
low/ -
confidence: pending
action: pending_analysis
Shared voicemail transcription
Voice Mail <voicemail@pbx.example>
pbx.example
devon.it@example.test
phish-report@example.test
<m365-report-0011@example.test>
SPF: -DKIM: -DMARC: -
rollup: pending
Clickable: 0
Resource: 0
Domains: 0
Short/IDN/IP: 0/0/0
Platform: -
Redirects: - · mismatch -
Infra new/cert/blocked: -/-/-
Browser form/checks: -/-
Count: 1
Reputation: pending
Masq/Stego: 0/0
No reasons yet-
queue: 46
2026-05-11T12:52:00Z
INC-20260511-0012
EVID-20260511-0012
age: 54d
analysis_completed
closed
automatic
Closed by policy action: close_as_benign
policy:auto-close · 2026-05-11T13:04:10Z
benign
low/ 3.5%
confidence: high
action: close_as_benign
Team lunch reminder
Office Ops <office.ops@example.test>
example.test
li.ops@example.test
phish-report@example.test
<m365-report-0012@example.test>
SPF: passDKIM: passDMARC: pass
rollup: passed
Clickable: 0
Resource: 0
Domains: 0
Short/IDN/IP: 0/0/0
Platform: -
Redirects: - · mismatch -
Infra new/cert/blocked: -/-/-
Browser form/checks: -/-
Count: 0
Reputation: clean
Masq/Stego: 0/0
All authentication passed; Internal sender; No URLs or attachments20260511_125900_0000_EVID-20260511-0012
queue: 47
2026-05-11T13:04:10Z