Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 17:25:07 UTC

Phishing Email Blocked

Medium Investigating
ALR-00003 · 2026-07-05T00:49:38Z

Description

Phishing email targeting 'c.williams@company.co.uk' blocked by Endpoint Agent. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID
ALR-00003
Timestamp
2026-07-05T00:49:38Z
Severity
Medium
Status
Investigating
Detection Source
Endpoint Agent
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
SRV-SQL-01
User Account
c.williams
Source IP
91.167.195.23
Destination IP
10.2.216.152
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1566.001
Reference
attack.mitre.org/techniques/T1566.001

Investigation Timeline

00:49:38 Event ingested by SOC365 Engine
00:49:40 EmilyAI triage started — correlation enrichment
00:49:45 EmilyAI confidence: 93% — escalated to human analyst
00:50:20 Alert assigned to analyst: Anika Patel
00:51:15 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00492 7h ago Rogue DHCP Server Informational False Positive SRV-SQL-01
ALR-00422 17h ago DecoyPulse Honeypot Triggered Informational False Positive SRV-SQL-01
ALR-00215 22h ago DecoyPulse Honeypot Triggered Low False Positive SRV-SQL-01
ALR-00087 1d ago Phishing Email Blocked Low Investigating WS-PC-002
ALR-00002 1d ago Insider Threat Indicator Informational Open SRV-SQL-01