SecOps·Technology
Automated Phishing Triage Pipeline
Anonymized Client
Automated phishing ingestion and triage using Predictive Intelligence and Now Assist — reducing Tier-1 analyst burden and accelerating identification of genuine threats.
Analyst Time on Manual Review: Significantly reduced
Threat Classification: Automated via Predictive Intelligence
Incident Context at Case Open: Immediate via Now Assist
The Challenge
What they were facing
SOC analysts were spending approximately 80% of their operational time manually reviewing user-reported emails — distinguishing spam and newsletters from genuine threats. This created significant delays in identifying real phishing attempts and increased Mean Time to Resolve (MTTR). The team needed automation to filter noise and surface only credible cases for investigation.
Our Solution
How we built it
XAAS Solutions architected a three-layer automation pipeline.
First, inbound email actions were implemented to automatically parse all user-reported emails into Security Incident Response without manual entry.
Second, a Predictive Intelligence classification model was trained on historical data to automatically distinguish noise from credible threats, routing only genuine "Need Triage" cases to analysts.
Third, Now Assist for SecOps was activated to provide GenAI-driven summaries for high-priority incidents — giving analysts immediate threat context without needing to parse raw logs.
Results
What changed
Tier-1 analyst effort on low-value manual email review was significantly reduced.
Genuine phishing cases were routed faster for deeper investigation, accelerating response times.
Analysts gained full incident context immediately upon opening a record, supporting faster and more accurate decisions.
Mean Time to Resolve (MTTR) was reduced across the phishing triage workflow.