Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 13:52:49 UTC

Port Scan Detected

Informational Escalated
ALR-00035 · 2026-04-12T00:55:40Z

Description

Sequential port scan (1-1024) detected targeting WS-PC-006 from external IP. Cloud Connector identified SYN scan pattern.

Alert Metadata

Alert ID
ALR-00035
Timestamp
2026-04-12T00:55:40Z
Severity
Informational
Status
Escalated
Detection Source
Cloud Connector
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-006
User Account
k.brown
Source IP
91.104.195.162
Destination IP
10.2.188.113
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Reconnaissance
Technique
T1046
Reference
attack.mitre.org/techniques/T1046

Investigation Timeline

00:55:40 Event ingested by SOC365 Engine
00:55:41 EmilyAI triage started — correlation enrichment
00:55:50 EmilyAI confidence: 85% — escalated to human analyst
00:56:05 Alert assigned to analyst: EmilyAI (auto)
00:58:12 Investigation started — querying SIEM and threat intelligence
01:00:37 Containment action taken — endpoint isolated
01:13:42 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00294 4h ago Brute Force SSH Low Escalated WS-PC-006
ALR-00416 5h ago Phishing Email Blocked Low Open WS-PC-006
ALR-00334 14h ago Lateral Movement Detected Medium Investigating WS-PC-006
ALR-00327 22h ago Port Scan Detected Low Open SRV-MAIL-01
ALR-00461 1d ago Port Scan Detected Low Escalated WS-LAP-010