Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:38:07 UTC

Phishing Email Blocked

Low Resolved
ALR-00029 · 2026-07-09T02:00:00Z

Description

Phishing email targeting 'system@company.co.uk' blocked by Dark Web Monitor. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID
ALR-00029
Timestamp
2026-07-09T02:00:00Z
Severity
Low
Status
Resolved
Detection Source
Dark Web Monitor
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-002
User Account
system
Source IP
45.18.148.75
Destination IP
10.2.79.246
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1566.001
Reference
attack.mitre.org/techniques/T1566.001

Investigation Timeline

02:00:00 Event ingested by SOC365 Engine
02:00:05 EmilyAI triage started — correlation enrichment
02:00:12 EmilyAI confidence: 88% — escalated to human analyst
02:00:45 Alert assigned to analyst: EmilyAI (auto)
02:02:08 Investigation started — querying SIEM and threat intelligence
02:07:11 Containment action taken — endpoint isolated
02:18:33 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00068 2h ago Phishing Email Blocked Low Escalated WS-LAP-011
ALR-00490 22h ago Anomalous DNS Query Informational Investigating WS-PC-002
ALR-00149 22h ago Shadow IT Discovery Medium Escalated WS-PC-002
ALR-00355 22h ago Phishing Email Blocked Medium Open AP-WIFI-03
ALR-00367 1d ago Brute Force SSH Medium Resolved WS-PC-002