Insider Threat Indicator
Medium
Open
ALR-00017 · 2026-07-09T12:22:49Z
Description
Anomalous after-hours access by 'h.roberts' on WS-PC-001. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by EmilyAI Triage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
12:22:49
Event ingested by SOC365 Engine
12:22:52
EmilyAI triage started — correlation enrichment
12:23:02
EmilyAI confidence: 80% — escalated to human analyst
12:23:07
Alert assigned to analyst: Anika Patel
12:24:14
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00002 | 4h ago | Insider Threat Indicator | Low | False Positive | WS-LAP-011 |
| ALR-00365 | 11h ago | Tor Exit Node Connection | Low | Investigating | WS-PC-001 |
| ALR-00142 | 13h ago | Phishing Email Blocked | Medium | Open | WS-PC-001 |
| ALR-00314 | 17h ago | DecoyPulse Honeypot Triggered | Informational | Escalated | WS-PC-001 |
| ALR-00307 | 19h ago | Insider Threat Indicator | Low | Open | AP-WIFI-03 |