Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:41:45 UTC

Unauthorised USB Device

Medium Escalated
ALR-00015 · 2026-07-06T15:06:18Z

Description

Unauthorised USB mass storage device connected to SW-CORE-01 by user 'k.brown'. Device blocked by Firewall endpoint policy.

Alert Metadata

Alert ID
ALR-00015
Timestamp
2026-07-06T15:06:18Z
Severity
Medium
Status
Escalated
Detection Source
Firewall
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
SW-CORE-01
User Account
k.brown
Source IP
103.54.216.33
Destination IP
10.2.86.239
Origin Country
DE Germany

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1091
Reference
attack.mitre.org/techniques/T1091

Investigation Timeline

15:06:18 Event ingested by SOC365 Engine
15:06:19 EmilyAI triage started — correlation enrichment
15:06:23 EmilyAI confidence: 80% — escalated to human analyst
15:07:03 Alert assigned to analyst: Anika Patel
15:07:28 Investigation started — querying SIEM and threat intelligence
15:13:17 Containment action taken — endpoint isolated
15:21:27 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00024 6h ago Unauthorised USB Device Low False Positive WS-LAP-011
ALR-00468 16h ago Unauthorised USB Device Low Open AP-WIFI-03
ALR-00119 17h ago Unauthorised USB Device Low Resolved VM-DEV-01
ALR-00442 23h ago Privilege Escalation Attempt Informational Escalated SW-CORE-01
ALR-00154 1d ago Unauthorised USB Device Low Open SRV-MAIL-01