The threat mitigation allows a LUCY admin to report reported phishing emails to according abuse contact of the provider's originating IP address taken from the message header. You can click on the mail symbol within the incident center to initiate the sending of the report:

The email sent to the abuse contact of the provider can be edited within the incident settings:

The abuse report can contain the following variables:

• %domain% — Domain or IP
• %email% — actual Email
• %time% — Time

LUCY comes with a default abuse template, which should be customized by the admin: