Interactive Demo (simulated data only)
SOC365 Dashboard
Acme Legal Services Ltd (live view, 13:50:47 UTC)

Insider Threat Indicator

Severity: High · Status: Escalated
ALR-00029 · 2026-04-09T14:52:48Z

Description

Anomalous after-hours access by 'm.taylor' on SRV-SQL-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Dark Web Monitor.

Alert Metadata

Alert ID: ALR-00029
Timestamp: 2026-04-09T14:52:48Z
Severity: High
Status: Escalated
Detection Source: Dark Web Monitor
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-SQL-01
User Account: m.taylor
Source IP: 194.187.62.76
Destination IP: 10.2.121.8
Origin Country: NG (Nigeria)

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

14:52:48 Event ingested by SOC365 Engine
14:52:51 EmilyAI triage started — correlation enrichment
14:53:02 EmilyAI confidence: 88% — escalated to human analyst
14:53:23 Alert assigned to analyst: Sarah Chen
14:55:41 Investigation started — querying SIEM and threat intelligence
14:56:59 Containment action taken — endpoint isolated
15:04:57 Alert resolved — remediation complete

Related Alerts

ID        | Time   | Alert                     | Severity      | Status         | Host
ALR-00069 | 2h ago | Insider Threat Indicator  | Medium        | Open           | WS-LAP-011
ALR-00223 | 6h ago | Port Scan Detected        | Medium        | False Positive | SRV-SQL-01
ALR-00306 | 11h ago | Insider Threat Indicator | Low           | Investigating  | SW-CORE-01
ALR-00173 | 14h ago | Insider Threat Indicator | Informational | Escalated      | WS-PC-006
ALR-00421 | 15h ago | Lateral Movement Detected | Low          | False Positive | SRV-SQL-01