Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:10:51 UTC

Unauthorised USB Device

Informational Escalated
ALR-00030 · 2026-05-23T23:48:10Z

Description

Unauthorised USB mass storage device connected to WS-MAC-005 by user 'a.wilson'. Device blocked by Firewall endpoint policy.

Alert Metadata

Alert ID: ALR-00030
Timestamp: 2026-05-23T23:48:10Z
Severity: Informational
Status: Escalated
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-MAC-005
User Account: a.wilson
Source IP: 91.49.195.239
Destination IP: 10.1.109.49
Origin Country: Iran (IR)

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

23:48:10 Event ingested by SOC365 Engine
23:48:14 EmilyAI triage started — correlation enrichment
23:48:25 EmilyAI confidence: 86% — escalated to human analyst
23:48:46 Alert assigned to analyst: EmilyAI (auto)
23:49:17 Investigation started — querying SIEM and threat intelligence
23:51:59 Containment action taken — endpoint isolated
00:02:54 Alert resolved — remediation complete

Related Alerts

ID         Time    Alert                    Severity       Status          Host
ALR-00015  3h ago  Unauthorised USB Device  Informational  False Positive  AP-WIFI-03
ALR-00026  5h ago  C2 Beacon Activity       Informational  Investigating   WS-MAC-005
ALR-00383  6h ago  Unauthorised USB Device  Medium         Investigating   WS-PC-003
ALR-00465  8h ago  Pass-the-Hash Detected   Medium         Escalated       WS-MAC-005
ALR-00484  9h ago  Unauthorised USB Device  Low            Open            SRV-SQL-01