Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:57:23 UTC

Tor Exit Node Connection

High Open
ALR-00016 · 2026-04-11T16:50:17Z

Description

Connection from SW-CORE-01 to known Tor exit node detected by Attack Surface Scanner. User 'k.brown' was active at the time.

Alert Metadata

Alert ID: ALR-00016
Timestamp: 2026-04-11T16:50:17Z
Severity: High
Status: Open
Detection Source: Attack Surface Scanner
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SW-CORE-01
User Account: k.brown
Source IP: 45.71.148.17
Destination IP: 10.2.109.251
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

16:50:17 Event ingested by SOC365 Engine
16:50:20 EmilyAI triage started — correlation enrichment
16:50:32 EmilyAI confidence: 98% — escalated to human analyst
16:50:35 Alert assigned to analyst: Marcus Webb
16:51:37 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00243 | 11m ago | Tor Exit Node Connection | Medium | Investigating | SRV-FILE-01
ALR-00427 | 19m ago | Port Scan Detected | Informational | Open | SW-CORE-01
ALR-00113 | 1h ago | Credential Stuffing Attempt | Informational | False Positive | SW-CORE-01
ALR-00401 | 4h ago | Tor Exit Node Connection | High | Open | WS-PC-001
ALR-00408 | 4h ago | Tor Exit Node Connection | Informational | Escalated | WS-PC-003