Unauthorised USB Device
Informational
Escalated
ALR-00030 · 2026-05-23T23:48:10Z
Description
Unauthorised USB mass storage device connected to WS-MAC-005 by user 'a.wilson'. Device blocked by Firewall endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:48:10
Event ingested by SOC365 Engine
23:48:14
EmilyAI triage started — correlation enrichment
23:48:25
EmilyAI confidence: 86% — escalated to human analyst
23:48:46
Alert assigned to analyst: EmilyAI (auto)
23:49:17
Investigation started — querying SIEM and threat intelligence
23:51:59
Containment action taken — endpoint isolated
00:02:54
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00015 | 3h ago | Unauthorised USB Device | Informational | False Positive | AP-WIFI-03 |
| ALR-00026 | 5h ago | C2 Beacon Activity | Informational | Investigating | WS-MAC-005 |
| ALR-00383 | 6h ago | Unauthorised USB Device | Medium | Investigating | WS-PC-003 |
| ALR-00465 | 8h ago | Pass-the-Hash Detected | Medium | Escalated | WS-MAC-005 |
| ALR-00484 | 9h ago | Unauthorised USB Device | Low | Open | SRV-SQL-01 |