Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Tor Exit Node Connection

Low Resolved
ALR-00012 · 2026-04-08T06:40:26Z

Description

Connection from SRV-WEB-01 to known Tor exit node detected by Endpoint Agent. User 'h.roberts' was active at the time.

Alert Metadata

Alert ID: ALR-00012
Timestamp: 2026-04-08T06:40:26Z
Severity: Low
Status: Resolved
Detection Source: Endpoint Agent
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-WEB-01
User Account: h.roberts
Source IP: 45.153.148.9
Destination IP: 10.1.129.182
Origin Country: Nigeria (NG)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

06:40:26 Event ingested by SOC365 Engine
06:40:27 EmilyAI triage started — correlation enrichment
06:40:31 EmilyAI confidence: 90% — escalated to human analyst
06:41:09 Alert assigned to analyst: EmilyAI (auto)
06:42:56 Investigation started — querying SIEM and threat intelligence
06:49:13 Containment action taken — endpoint isolated
06:51:43 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                            Severity       Status          Host
ALR-00234  7h ago   Tor Exit Node Connection         Medium         False Positive  AP-WIFI-03
ALR-00054  9h ago   Privilege Escalation Attempt     Low            Investigating   SRV-WEB-01
ALR-00493  9h ago   Rogue DHCP Server                Medium         Investigating   SRV-WEB-01
ALR-00330  12h ago  Port Scan Detected               Medium         False Positive  SRV-WEB-01
ALR-00437  12h ago  Suspicious PowerShell Execution  Informational  False Positive  SRV-WEB-01