Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:41:58 UTC

Unauthorised USB Device

Medium Resolved
ALR-00016 · 2026-07-05T06:48:48Z

Description

Unauthorised USB mass storage device connected to SRV-BACKUP-01 by user 'n.clark'. Device blocked by SOC365 Engine endpoint policy.

Alert Metadata

Alert ID
ALR-00016
Timestamp
2026-07-05T06:48:48Z
Severity
Medium
Status
Resolved
Detection Source
SOC365 Engine
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
n.clark
Source IP
103.169.216.153
Destination IP
10.3.251.141
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1091
Reference
attack.mitre.org/techniques/T1091

Investigation Timeline

06:48:48 Event ingested by SOC365 Engine
06:48:53 EmilyAI triage started — correlation enrichment
06:49:02 EmilyAI confidence: 85% — escalated to human analyst
06:49:14 Alert assigned to analyst: Marcus Webb
06:50:28 Investigation started — querying SIEM and threat intelligence
06:53:02 Containment action taken — endpoint isolated
07:06:29 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00111 2h ago Certificate Anomaly Low Resolved SRV-BACKUP-01
ALR-00112 8h ago Failed MFA Challenge Medium Resolved SRV-BACKUP-01
ALR-00471 10h ago Unauthorised USB Device Low Open WS-LAP-011
ALR-00307 13h ago Unauthorised USB Device Low Open SRV-WEB-01
ALR-00241 15h ago Unauthorised USB Device Medium Escalated SRV-SQL-01