Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:54:55 UTC

Phishing Email Blocked

Informational Escalated
ALR-00020 · 2026-05-22T12:30:03Z

Description

Phishing email targeting 'system@company.co.uk' blocked by DecoyPulse. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID: ALR-00020
Timestamp: 2026-05-22T12:30:03Z
Severity: Informational
Status: Escalated
Detection Source: DecoyPulse
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-004
User Account: system
Source IP: 45.26.148.114
Destination IP: 10.2.99.31
Origin Country: FR France

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1566.001
Reference: attack.mitre.org/techniques/T1566.001

Investigation Timeline

12:30:03 Event ingested by SOC365 Engine
12:30:05 EmilyAI triage started — correlation enrichment
12:30:15 EmilyAI confidence: 79% — escalated to human analyst
12:30:23 Alert assigned to analyst: EmilyAI (auto)
12:32:49 Investigation started — querying SIEM and threat intelligence
12:38:12 Containment action taken — endpoint isolated
12:45:25 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00449 | 1h ago | Insider Threat Indicator | Low | Open | WS-PC-004
ALR-00309 | 3h ago | Phishing Email Blocked | Medium | Investigating | WS-LAP-012
ALR-00166 | 4h ago | Suspicious PowerShell Execution | Low | Investigating | WS-PC-004
ALR-00263 | 4h ago | Suspicious PowerShell Execution | Medium | False Positive | WS-PC-004
ALR-00404 | 7h ago | Brute Force SSH | Informational | Investigating | WS-PC-004