BrandSafe Incidents
Each brand threat detected by BrandSafe is surfaced as an incident in the XTron Console with full context and recommended actions.
Viewing Incidents
Navigate to Incidents → BrandSafe in the XTron Console. Filter by:
- Severity — Critical, High, Medium, Low
- Status — Open, In Progress, Closed
- Brand domain — The monitored domain that triggered the detection
- Date range
Incident Types and Response Guidance
Phishing Site
A website actively impersonating your brand to steal user credentials, payment information, or personal data.
Response:
- Verify the site is live and actively phishing
- Identify the hosting provider and registrar (available in the incident fields)
- Submit abuse reports to the registrar, hosting provider, and browser safe browsing lists
- If customers may have been targeted, consider a customer notification
- Report to relevant law enforcement if significant fraud is involved
Quick takedown resources:
- Google Safe Browsing: safebrowsing.google.com/safebrowsing/report_phish/
- Microsoft SmartScreen: microsoft.com/wdsi/support/report-unsafe-site
- PhishTank: phishtank.org
Typosquatting Domain
A domain registered with a variation of your brand name that could redirect traffic, host phishing content, or be used for spear-phishing emails.
Response:
- Assess the intent — is it parked, actively impersonating, or sending emails?
- If actively malicious: file a UDRP complaint or registrar abuse report
- If parked and not yet weaponized: monitor for escalation
- Consider defensive registration of high-risk typosquat variants
Fake Social Media Profile
An account falsely claiming to represent your brand or executives on LinkedIn, X (Twitter), Facebook, Instagram, or similar platforms.
Response:
- Report directly to the platform using their impersonation reporting tool
- Document the profile before reporting (screenshot, URL, username)
- Alert your social media team to monitor for user confusion
Fake App
An app in an official or third-party app store using your brand name, logo, or description.
Response:
- For official stores (Google Play, Apple App Store): submit a developer removal request
- For third-party stores: submit abuse reports directly
- Publish a security advisory on your website if the fake app is widespread
Incident Fields
| Field | Description |
|---|---|
id | Unique numeric ID |
title | Short description of the threat |
taskKey | Ticket key (e.g., BSINC-789) |
status_statusCd | Open, In Progress, Closed |
severity_label | Critical, High, Medium, Low |
category_name | Threat category |
description | Full details |
brand_name | Monitored brand name |
brand_domain | Monitored brand domain |
url | URL of the infringing asset |
ip_address | IP address of the infringing host |
platform | Platform where the threat was detected |
registrar | Domain registrar |
webhost_authority | Hosting provider |
webhost_country | Country where the site is hosted |
impact | Potential impact |
recommendation | Suggested response action |
Updating Incident Status
Track takedown progress and update incident status via the XTron Console under Incidents → BrandSafe → [incident] → Update Status. Add investigation notes to document abuse reports submitted and their outcomes.