Tor Exit Node Connection
Low
False Positive
ALR-00017 · 2026-07-07T17:07:02Z
Description
Connection from SRV-DC-01 to known Tor exit node detected by Cloud Connector. User 's.jones' was active at the time.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
17:07:02
Event ingested by SOC365 Engine
17:07:03
EmilyAI triage started — correlation enrichment
17:07:10
EmilyAI confidence: 95% — escalated to human analyst
17:07:41
Alert assigned to analyst: EmilyAI (auto)
17:09:17
Investigation started — querying SIEM and threat intelligence
17:16:29
Containment action taken — endpoint isolated
17:25:46
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00381 | 3h ago | Tor Exit Node Connection | Medium | False Positive | WS-PC-006 |
| ALR-00110 | 7h ago | Insider Threat Indicator | Medium | Investigating | SRV-DC-01 |
| ALR-00201 | 8h ago | Credential Stuffing Attempt | Medium | Resolved | SRV-DC-01 |
| ALR-00492 | 1d ago | Tor Exit Node Connection | Critical | Investigating | WS-LAP-010 |
| ALR-00109 | 1d ago | Tor Exit Node Connection | High | Investigating | SRV-WEB-01 |