Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Port Scan Detected

Low Resolved
ALR-00003 · 2026-04-12T01:50:20Z

Description

Sequential port scan (1-1024) detected targeting SRV-MAIL-01 from external IP. Network IDS identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00003
Timestamp: 2026-04-12T01:50:20Z
Severity: Low
Status: Resolved
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-MAIL-01
User Account: h.roberts
Source IP: 103.160.216.13
Destination IP: 10.1.130.84
Origin Country: Iran (IR)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

01:50:20 Event ingested by SOC365 Engine
01:50:22 EmilyAI triage started — correlation enrichment
01:50:31 EmilyAI confidence: 94% — escalated to human analyst
01:50:53 Alert assigned to analyst: EmilyAI (auto)
01:52:35 Investigation started — querying SIEM and threat intelligence
01:59:30 Containment action taken — endpoint isolated
02:08:09 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                      Severity       Status     Host
ALR-00294  10m ago  Tor Exit Node Connection   Medium         Open       SRV-MAIL-01
ALR-00300  7h ago   Unauthorised USB Device    Medium         Escalated  SRV-MAIL-01
ALR-00232  9h ago   Lateral Movement Detected  Informational  Resolved   SRV-MAIL-01
ALR-00251  1d ago   Lateral Movement Detected  Medium         Resolved   SRV-MAIL-01
ALR-00082  1d ago   Phishing Email Blocked     Medium         Open       SRV-MAIL-01