Insider Threat Indicator
Medium
Escalated
ALR-00005 · 2026-07-10T00:00:06Z
Description
Anomalous after-hours access by 'k.brown' on SRV-DC-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Network IDS.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:00:06
Event ingested by SOC365 Engine
00:00:11
EmilyAI triage started — correlation enrichment
00:00:11
EmilyAI confidence: 93% — escalated to human analyst
00:00:35
Alert assigned to analyst: James Okonkwo
00:01:51
Investigation started — querying SIEM and threat intelligence
00:03:52
Containment action taken — endpoint isolated
00:12:06
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00353 | 3h ago | Privilege Escalation Attempt | Medium | Open | SRV-DC-01 |
| ALR-00304 | 8h ago | Insider Threat Indicator | Informational | Resolved | WS-LAP-011 |
| ALR-00191 | 9h ago | Insider Threat Indicator | Low | Resolved | VM-DEV-01 |
| ALR-00161 | 18h ago | Insider Threat Indicator | Critical | Open | SW-CORE-01 |
| ALR-00036 | 19h ago | Brute Force SSH | Informational | Escalated | SRV-DC-01 |