Tor Exit Node Connection
Low
Resolved
ALR-00003 · 2026-05-25T04:56:24Z
Description
Connection from VM-DEV-01 to known Tor exit node detected by Network IDS. User 'h.roberts' was active at the time.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
04:56:24
Event ingested by SOC365 Engine
04:56:26
EmilyAI triage started — correlation enrichment
04:56:34
EmilyAI confidence: 89% — escalated to human analyst
04:56:57
Alert assigned to analyst: EmilyAI (auto)
04:58:27
Investigation started — querying SIEM and threat intelligence
04:59:54
Containment action taken — endpoint isolated
05:07:11
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00114 | 9h ago | Insider Threat Indicator | Informational | Resolved | VM-DEV-01 |
| ALR-00032 | 11h ago | Tor Exit Node Connection | Informational | Resolved | VM-DEV-01 |
| ALR-00342 | 19h ago | C2 Beacon Activity | Low | Open | VM-DEV-01 |
| ALR-00097 | 22h ago | Tor Exit Node Connection | Medium | Investigating | WS-PC-003 |
| ALR-00270 | 1d ago | Tor Exit Node Connection | Medium | False Positive | WS-PC-004 |