Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:55:01 UTC

Certificate Anomaly

Low Resolved
ALR-00024 · 2026-04-11T09:23:26Z

Description

TLS certificate anomaly detected on SRV-APP-01. Self-signed certificate on port 443 does not match expected corporate CA chain.

Alert Metadata

Alert ID: ALR-00024
Timestamp: 2026-04-11T09:23:26Z
Severity: Low
Status: Resolved
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-APP-01
User Account: c.williams
Source IP: 194.56.62.239
Destination IP: 10.1.92.253
Origin Country: China (CN)

MITRE ATT&CK Mapping

Tactic: Defence Evasion
Technique: T1553.004
Reference: attack.mitre.org/techniques/T1553.004

Investigation Timeline

09:23:26 Event ingested by SOC365 Engine
09:23:31 EmilyAI triage started — correlation enrichment
09:23:39 EmilyAI confidence: 82% — escalated to human analyst
09:24:10 Alert assigned to analyst: EmilyAI (auto)
09:24:25 Investigation started — querying SIEM and threat intelligence
09:27:32 Containment action taken — endpoint isolated
09:40:56 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00182 | 5h ago | DLP Policy Violation | Medium | Escalated | SRV-APP-01
ALR-00018 | 6h ago | Certificate Anomaly | Informational | Resolved | WS-LAP-012
ALR-00472 | 11h ago | Certificate Anomaly | Low | Escalated | WS-PC-006
ALR-00424 | 13h ago | Shadow IT Discovery | Medium | False Positive | SRV-APP-01
ALR-00416 | 13h ago | Tor Exit Node Connection | Medium | False Positive | SRV-APP-01