Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:52:29 UTC

Insider Threat Indicator

Low Open
ALR-00044 · 2026-05-25T03:40:23Z

Description

Anomalous after-hours access by 'k.brown' on SRV-DC-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Firewall.

Alert Metadata

Alert ID: ALR-00044
Timestamp: 2026-05-25T03:40:23Z
Severity: Low
Status: Open
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-DC-01
User Account: k.brown
Source IP: 194.44.62.86
Destination IP: 10.3.244.133
Origin Country: DE Germany

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

03:40:23 Event ingested by SOC365 Engine
03:40:24 EmilyAI triage started — correlation enrichment
03:40:28 EmilyAI confidence: 80% — escalated to human analyst
03:40:46 Alert assigned to analyst: EmilyAI (auto)
03:43:00 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                        Severity  Status          Host
ALR-00011  12h ago  Shadow IT Discovery          Medium    Escalated       SRV-DC-01
ALR-00095  14h ago  Insider Threat Indicator     High      Escalated       SRV-MAIL-01
ALR-00357  14h ago  Shadow IT Discovery          Low       Open            SRV-DC-01
ALR-00469  17h ago  Credential Stuffing Attempt  High      Escalated       SRV-DC-01
ALR-00021  21h ago  C2 Beacon Activity           Medium    False Positive  SRV-DC-01