Insider Threat Indicator
Informational
Escalated
ALR-00018 · 2026-07-08T07:21:29Z
Description
Anomalous after-hours access by 'k.brown' on SRV-FILE-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by DLP Module.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
07:21:29
Event ingested by SOC365 Engine
07:21:30
EmilyAI triage started — correlation enrichment
07:21:36
EmilyAI confidence: 96% — escalated to human analyst
07:21:46
Alert assigned to analyst: EmilyAI (auto)
07:22:59
Investigation started — querying SIEM and threat intelligence
07:28:51
Containment action taken — endpoint isolated
07:33:33
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00399 | 8h ago | Lateral Movement Detected | High | Open | SRV-FILE-01 |
| ALR-00030 | 9h ago | Insider Threat Indicator | Informational | False Positive | WS-PC-004 |
| ALR-00112 | 16h ago | Ransomware Behaviour Detected | Medium | Escalated | SRV-FILE-01 |
| ALR-00369 | 16h ago | Ransomware Behaviour Detected | High | Investigating | SRV-FILE-01 |
| ALR-00200 | 17h ago | Unauthorised USB Device | High | Open | SRV-FILE-01 |