Unauthorised USB Device
Medium
Escalated
ALR-00015 · 2026-07-06T15:06:18Z
Description
Unauthorised USB mass storage device connected to SW-CORE-01 by user 'k.brown'. Device blocked by Firewall endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
15:06:18
Event ingested by SOC365 Engine
15:06:19
EmilyAI triage started — correlation enrichment
15:06:23
EmilyAI confidence: 80% — escalated to human analyst
15:07:03
Alert assigned to analyst: Anika Patel
15:07:28
Investigation started — querying SIEM and threat intelligence
15:13:17
Containment action taken — endpoint isolated
15:21:27
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00024 | 6h ago | Unauthorised USB Device | Low | False Positive | WS-LAP-011 |
| ALR-00468 | 16h ago | Unauthorised USB Device | Low | Open | AP-WIFI-03 |
| ALR-00119 | 17h ago | Unauthorised USB Device | Low | Resolved | VM-DEV-01 |
| ALR-00442 | 23h ago | Privilege Escalation Attempt | Informational | Escalated | SW-CORE-01 |
| ALR-00154 | 1d ago | Unauthorised USB Device | Low | Open | SRV-MAIL-01 |