Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Port Scan Detected

Medium Resolved
ALR-00047 · 2026-05-21T07:17:59Z

Description

Sequential port scan (1-1024) detected targeting WS-PC-004 from external IP. DecoyPulse identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00047
Timestamp: 2026-05-21T07:17:59Z
Severity: Medium
Status: Resolved
Detection Source: DecoyPulse
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: WS-PC-004
User Account: h.roberts
Source IP: 103.39.216.17
Destination IP: 10.3.99.229
Origin Country: Russia (RU)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

07:17:59 Event ingested by SOC365 Engine
07:18:02 EmilyAI triage started — correlation enrichment
07:18:04 EmilyAI confidence: 93% — escalated to human analyst
07:18:30 Alert assigned to analyst: James Okonkwo
07:20:14 Investigation started — querying SIEM and threat intelligence
07:27:16 Containment action taken — endpoint isolated
07:31:56 Alert resolved — remediation complete

Related Alerts

ID         Time    Alert                            Severity       Status          Host
ALR-00449  1h ago  Insider Threat Indicator         Low            Open            WS-PC-004
ALR-00166  4h ago  Suspicious PowerShell Execution  Low            Investigating   WS-PC-004
ALR-00263  4h ago  Suspicious PowerShell Execution  Medium         False Positive  WS-PC-004
ALR-00362  6h ago  Port Scan Detected               Low            Investigating   SRV-APP-01
ALR-00404  7h ago  Brute Force SSH                  Informational  Investigating   WS-PC-004