Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:40:30 UTC

Phishing Email Blocked

Medium Resolved
ALR-00040 · 2026-07-05T20:21:51Z

Description

Phishing email targeting 'system@company.co.uk' blocked by Email Gateway. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID
ALR-00040
Timestamp
2026-07-05T20:21:51Z
Severity
Medium
Status
Resolved
Detection Source
Email Gateway
Assigned Analyst
Emma Richardson

Endpoint Information

Hostname
FW-EDGE-01
User Account
system
Source IP
103.181.216.53
Destination IP
10.1.2.20
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1566.001
Reference
attack.mitre.org/techniques/T1566.001

Investigation Timeline

20:21:51 Event ingested by SOC365 Engine
20:21:52 EmilyAI triage started — correlation enrichment
20:22:06 EmilyAI confidence: 91% — escalated to human analyst
20:22:30 Alert assigned to analyst: Emma Richardson
20:22:42 Investigation started — querying SIEM and threat intelligence
20:30:26 Containment action taken — endpoint isolated
20:39:07 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00314 2h ago Phishing Email Blocked Medium Open WS-PC-001
ALR-00360 4h ago Data Exfiltration Attempt Medium Investigating FW-EDGE-01
ALR-00342 6h ago Phishing Email Blocked Critical Open AP-WIFI-03
ALR-00438 9h ago Shadow IT Discovery Low Escalated FW-EDGE-01
ALR-00201 20h ago Phishing Email Blocked Low Resolved WS-LAP-010