Unauthorised USB Device
Medium
Resolved
ALR-00016 · 2026-07-05T06:48:48Z
Description
Unauthorised USB mass storage device connected to SRV-BACKUP-01 by user 'n.clark'. Device blocked by SOC365 Engine endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
06:48:48
Event ingested by SOC365 Engine
06:48:53
EmilyAI triage started — correlation enrichment
06:49:02
EmilyAI confidence: 85% — escalated to human analyst
06:49:14
Alert assigned to analyst: Marcus Webb
06:50:28
Investigation started — querying SIEM and threat intelligence
06:53:02
Containment action taken — endpoint isolated
07:06:29
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00111 | 2h ago | Certificate Anomaly | Low | Resolved | SRV-BACKUP-01 |
| ALR-00112 | 8h ago | Failed MFA Challenge | Medium | Resolved | SRV-BACKUP-01 |
| ALR-00471 | 10h ago | Unauthorised USB Device | Low | Open | WS-LAP-011 |
| ALR-00307 | 13h ago | Unauthorised USB Device | Low | Open | SRV-WEB-01 |
| ALR-00241 | 15h ago | Unauthorised USB Device | Medium | Escalated | SRV-SQL-01 |