Operations
Case Workbench
Operations
Case Workbench
Security Operations
Cases
Live phish triage queue for reported-message review and analyst follow-up.
Case Queue
Triage, closure, message, reporter, signal, and run context for current cases.
| Case | State | Closure Notes | Verdict / Risk | Message | Reporter / Source | Auth | URLs | Attachments | Reasons / Error | Pipeline |
|---|---|---|---|---|---|---|---|---|---|---|
| INC-20260511-0007 EVID-20260511-0007 age: 54d | analysis_completed open | Open | malicious high/ 87.5% confidence: high action: quarantine_or_block_sender | Action required: password expires today IT Helpdesk <it-support@micros0ft-login.example> micros0ft-login.example | alex.reporter@example.test phish-report@example.test <m365-report-0007@example.test> | SPF: failDKIM: noneDMARC: fail rollup: failed | Clickable: 3 Resource: 2 Domains: 2 Short/IDN/IP: 1/1/0 Platform: forms_or_survey, security_wrapper, url_shortener Redirects: 2 · mismatch 1 Infra new/cert/blocked: 1/1/1 Browser form/checks: 1/1 | Count: 1 Reputation: suspicious Masq/Stego: 0/0 | Header domain mismatch; Credential-harvest language; Lookalike sender domain | 20260511_115512_0000_EVID-20260511-0007 queue: 42 2026-05-11T12:04:22Z |
| INC-20260511-0008 EVID-20260511-0008 age: 54d | analysis_completed closed | manual Legitimate vendor invoice from allowlisted sender. soc-analyst@example.test · 2026-05-11T12:19:10Z | benign low/ 8.5% confidence: high action: close_as_benign | Invoice INV-44821 for April services Contoso Billing <billing@contoso.example> contoso.example | maria.sales@example.test phish-report@example.test <m365-report-0008@example.test> | SPF: passDKIM: passDMARC: pass rollup: passed | Clickable: 0 Resource: 0 Domains: 0 Short/IDN/IP: 0/0/0 Platform: - Redirects: 0 · mismatch 0 Infra new/cert/blocked: 0/0/0 Browser form/checks: 0/0 | Count: 1 Reputation: clean Masq/Stego: 0/0 | SPF/DKIM/DMARC passed; Known vendor domain; No suspicious URLs | 20260511_121001_0000_EVID-20260511-0008 queue: 43 2026-05-11T12:19:10Z |
| INC-20260511-0012 EVID-20260511-0012 age: 54d | analysis_completed closed | automatic Closed by policy action: close_as_benign policy:auto-close · 2026-05-11T13:04:10Z | benign low/ 3.5% confidence: high action: close_as_benign | Team lunch reminder Office Ops <office.ops@example.test> example.test | li.ops@example.test phish-report@example.test <m365-report-0012@example.test> | SPF: passDKIM: passDMARC: pass rollup: passed | Clickable: 0 Resource: 0 Domains: 0 Short/IDN/IP: 0/0/0 Platform: - Redirects: - · mismatch - Infra new/cert/blocked: -/-/- Browser form/checks: -/- | Count: 0 Reputation: clean Masq/Stego: 0/0 | All authentication passed; Internal sender; No URLs or attachments | 20260511_125900_0000_EVID-20260511-0012 queue: 47 2026-05-11T13:04:10Z |