Insider Threat Indicator
Low
Escalated
ALR-00029 · 2026-05-24T23:05:47Z
Description
Anomalous after-hours access by 'm.taylor' on WS-LAP-011. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Attack Surface Scanner.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:05:47
Event ingested by SOC365 Engine
23:05:50
EmilyAI triage started — correlation enrichment
23:05:57
EmilyAI confidence: 97% — escalated to human analyst
23:06:05
Alert assigned to analyst: EmilyAI (auto)
23:07:44
Investigation started — querying SIEM and threat intelligence
23:14:13
Containment action taken — endpoint isolated
23:20:24
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00095 | 14h ago | Insider Threat Indicator | High | Escalated | SRV-MAIL-01 |
| ALR-00169 | 1d ago | DLP Policy Violation | Low | Investigating | WS-LAP-011 |
| ALR-00498 | 1d ago | Insider Threat Indicator | Low | Resolved | SRV-APP-01 |
| ALR-00455 | 1d ago | Unauthorised USB Device | High | Escalated | WS-LAP-011 |
| ALR-00258 | 1d ago | Lateral Movement Detected | Informational | Escalated | WS-LAP-011 |