Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd · Live · 13:52:01 UTC

Insider Threat Indicator

Informational · False Positive
ALR-00057 · 2026-04-07T09:25:20Z

Description

Anomalous after-hours access by 'f.hall' on WS-PC-004. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Attack Surface Scanner.

Alert Metadata

Alert ID: ALR-00057
Timestamp: 2026-04-07T09:25:20Z
Severity: Informational
Status: False Positive
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-004
User Account: f.hall
Source IP: 194.210.62.6
Destination IP: 10.0.53.193
Origin Country: KP North Korea

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

09:25:20 Event ingested by SOC365 Engine
09:25:25 EmilyAI triage started — correlation enrichment
09:25:34 EmilyAI confidence: 98% — escalated to human analyst
09:25:46 Alert assigned to analyst: EmilyAI (auto)
09:27:16 Investigation started — querying SIEM and threat intelligence
09:32:11 Containment action taken — endpoint isolated
09:44:25 Alert resolved — remediation complete

Related Alerts

ID          Time     Alert                      Severity       Status         Host
ALR-00216   1h ago   Failed MFA Challenge       Medium         Investigating  WS-PC-004
ALR-00149   7h ago   Insider Threat Indicator   Low            Open           SRV-SQL-01
ALR-00075   8h ago   Shadow IT Discovery        Medium         Resolved       WS-PC-004
ALR-00337   16h ago  Insider Threat Indicator   High           Escalated      AP-WIFI-03
ALR-00098   1d ago   Suspicious Scheduled Task  Informational  Investigating  WS-PC-004