Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:54:52 UTC

Port Scan Detected

Medium · False Positive
ALR-00049 · 2026-05-20T16:58:28Z

Description

Sequential port scan (1-1024) detected targeting SRV-WEB-01 from external IP. Network IDS identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00049
Timestamp: 2026-05-20T16:58:28Z
Severity: Medium
Status: False Positive
Detection Source: Network IDS
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-WEB-01
User Account: n.clark
Source IP: 103.128.216.32
Destination IP: 10.3.149.6
Origin Country: United States (US)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

16:58:28 Event ingested by SOC365 Engine
16:58:33 EmilyAI triage started — correlation enrichment
16:58:43 EmilyAI confidence: 87% — escalated to human analyst
16:58:55 Alert assigned to analyst: Sarah Chen
17:01:24 Investigation started — querying SIEM and threat intelligence
17:03:48 Containment action taken — endpoint isolated
17:10:36 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                      Severity       Status          Host
ALR-00362  6h ago   Port Scan Detected         Low            Investigating   SRV-APP-01
ALR-00011  7h ago   Data Exfiltration Attempt  High           Escalated       SRV-WEB-01
ALR-00406  10h ago  Data Exfiltration Attempt  Informational  False Positive  SRV-WEB-01
ALR-00315  15h ago  Port Scan Detected         Medium         Open            SRV-FILE-01
ALR-00401  22h ago  Port Scan Detected         High           Escalated       SRV-BACKUP-01