"But incident coordination is not an easy task, as you must keep track of many details and at the same time keep control over who has access to what information. Two tools that exist that are designed to help teams with incident coordination are AbuseSA and Palantir. [...] The two previously mentioned frameworks could be seen as starting points from which teams can build their competency."

Damir Rajnovic
in the article Who's Performing Computer Incident Coordination?


Abuse Situation Awareness

Codenomicon Abuse Situation Awareness

Overview

Not all network incidents can be prevented and anticipated. When incidents occur it is important to have fast and effective means of responding to them. Codenomicon's Abuse Situation Awareness solutions use abuse information to provide you with the situation awareness you need to ensure the security and robustness of your network. The earlier you detect, analyze and resolve an incident, the smaller the damage and the lower the cost of recovery.

Security companies and voluntary organizations openly publish abuse feeds that also contain incident information concerning your network. You can use this information to discover incidents affecting your networks earlier. The fundamental challenge in using abuse feeds is the vast amount of information that needs to be collected, processed and reported. With Codenomicon Abuse Situation Awareness Solutions, you can automate the whole process and turn abuse feeds into real-time situation awareness.

The main component of Abuse Situation Awareness Solutions is the AbuseHelper, which utilizes a network of bots to collect and process abuse information. Like a network of security experts, the bots collect, clean up and categorize abuse information, providing you with real-time situation awareness. Observe and react to internal and external threats at the earliest possible moment and provide your stakeholders with automated actionable reports.

Features

The unique botnet-inspired architecture and interactive visualisations make Codenomicon Abuse Situation Awareness solutions:

  • Scalable: Integrate your systems across your critical services and distribute work between different machines and different locations.
  • Robust: Have a system you can trust. One bot failing does not mean the whole engine stops working.
  • Flexible: Tap into information sources using various transports and formats. Each source is covered by its own bot.
  • Clear: Combine all your monitoring into one browser-based user interface. The bots function independently, no complex configurations needed.
  • Straightforward: Drill up and down from high-level visualizations to domain-specific information to monitor on different levels.

Benefits

  • Handle more incident information faster

    Increase your organization's ability to handle incident information by using Abuse Situation Awareness solutions to automatically collect, process, report and visualize abuse information in large quantities. Automate the mundane tasks, produce insightful visualizations and have more resources for analysis and repairs.

  • Discover incidents proactively

    Tap into new sources of abuse information and stay up to date on the latest threats. Through automation, Abuse Situation Awareness solutions reduce processing times and allow you to follow more information sources. Detect incidents at the earliest possible moment and gain more time to react to them.

  • Save time and effort

    The Abuse Situation Awareness solutions automate mundane tasks, such as abuse and incident data collection and reporting, freeing up resources for more challenging tasks. The bots automatically process the collected information to ensure that the reports only contain actionable incident information. As ready solutions, they also enable you to skip the bootstrapping time needed to build your own solution from the ground up.

  • Expand your coverage

    The botnet-inspired architecture makes Incident SA solutions easy to scale and integrate. To add a new source, simply add a new bot for it in your botnet. You can tap into a diverse selection of sources, e.g. streaming real-time data, daily mail reports, periodically polled HTTP resources and different data formats, and you no longer have to go through them manually.

  • Share and collaborate

    Benefit from the know-how of other similar actors, share yours to benefit them. The Codenomicon Abuse Situation Awareness solutions are based on a scalable, robust and actively developed open core, which allows non-publicly available extensions. Use automated reports to share real-time actionable incident information with your partners and stakeholders.

Services

  • Deployment

    You can run Codenomicon Abuse Situation Awareness solutions in your own system. We can help you to set up the basic infrastructure and configure the solutions for the incident handling needs of your organization. We also provide post-deployment support.

  • Tailored Modules

    You might wish to add a source, public or private, which is not yet supported by Abuse Situation Awareness solutions, or modify the solutions' reporting capabilities. These tasks can be covered with tailored modules. We can help you set up and launch the new modules.

  • Production Support

    We will respond to all support requests within the next business day. We perform support tasks during the hours of service, which are 09:00 - 17:00 EET (+DST), excluding Finnish national holidays.

  • Training

    We provide training and consultation for setup and configuration. We will help your team produce actionable reports for your stakeholders, integrate new feeds and improve its incident handling processes.

Screenshots and Videos

This video shows you how you can use the Abuse Situation Awareness solution to gain real-time situation awareness on abuse activity and to share it with your stakeholders.

Example email report sent by AbuseHelper

Example Abuse Situation Awareness visualisations
