abnormal-security-caseslisted
Install: claude install-skill wyre-technology/msp-claude-plugins
# Abnormal Security Abuse Mailbox Cases
## Overview
Abnormal Security's Abuse Mailbox automatically processes user-reported suspicious emails. When users forward or report emails to a designated abuse mailbox address, Abnormal analyzes the reported message and creates a case with an AI-generated judgment. This skill covers case lifecycle, triage workflows, remediation actions, and bulk operations.
## Case Lifecycle
```
User Reports Email
|
v
Case Created (status: Open)
|
v
AI Analysis (judgment generated)
|
+---> Malicious ---> Auto-Remediate (if configured)
|
+---> Suspicious ---> Analyst Review Required
|
+---> Spam ---> Auto-Dismiss (if configured)
|
+---> Safe ---> Auto-Dismiss (if configured)
|
v
Analyst Action
|
+---> Remediate (quarantine/delete across org)
|
+---> Mark Not Spam (release to inbox)
|
+---> Dismiss (close case, no action)
|
v
Case Closed (status: Done)
```
## Case Field Reference
### Core Fields
| Field | Type | Description |
|-------|------|-------------|
| `caseId` | string | Unique case identifier |
| `severity` | string | Severity level of the case |
| `affectedEmployee` | string | Email address of the user who reported |
| `firstReported` | datetime | When the case was first reported |
### Judgment Fields
| Field | Type | Description |
|-------|------|-----------