Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Insider Threat Indicator

High Escalated
ALR-00062 · 2026-05-24T03:34:49Z

Description

Anomalous after-hours access by 'k.brown' on SRV-DC-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by SOC365 Engine.
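The pattern the description names (after-hours activity, many files across many shares inside a short interval) is the kind of rule a SOC implements as a per-user sliding-window count over share-access events. The block below is an added example written for this page, not SOC365 Engine code. The event layout (one record per share access with user, host, share, file and UTC time, as a Windows Security 5145 record would carry), the thresholds, the business-hours window evaluated in UTC, and the sample events are all assumptions; the page only gives the observed 847 files / 12 shares / 45 minutes, not the engine's tuning.

```python
"""Added example, not SOC365 code: a minimal sliding-window detector for the
pattern in the alert description (after-hours access to many files across
many shares in a short interval). Event layout, thresholds and the
business-hours window are assumptions made for this illustration."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Assumed tuning. The page reports 847 files / 12 shares / 45 minutes as the
# observed values, not the rule thresholds, so these are illustrative.
WINDOW = timedelta(minutes=45)
MIN_FILES = 500           # distinct files seen inside the window
MIN_SHARES = 10           # distinct shares seen inside the window
BUSINESS_HOURS = (8, 18)  # [start, end) hours in UTC; alert timestamps are UTC
TECHNIQUE = "T1119"       # Automated Collection, as mapped on the alert


def is_after_hours(ts: datetime) -> bool:
    """Weekend, or outside the business-hours window. A real deployment
    would convert to the tenant's local time zone before this check."""
    return ts.weekday() >= 5 or not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1])


def detect(events):
    """Return one alert per (user, host) whose busiest WINDOW-long span
    started after hours and touched >= MIN_FILES distinct files across
    >= MIN_SHARES distinct shares. Counters are updated incrementally as
    the window slides, so the scan is linear in the number of events."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["user"], e["host"])].append(e)

    alerts = []
    for (user, host), evs in by_key.items():
        evs.sort(key=lambda e: e["time"])
        files, shares = Counter(), Counter()
        start, best = 0, None
        for e in evs:
            files[(e["share"], e["file"])] += 1
            shares[e["share"]] += 1
            # Drop events from the left edge until the window fits again.
            while e["time"] - evs[start]["time"] > WINDOW:
                old = evs[start]
                for counter, key in ((files, (old["share"], old["file"])),
                                     (shares, old["share"])):
                    counter[key] -= 1
                    if counter[key] == 0:
                        del counter[key]
                start += 1
            if (len(files) >= MIN_FILES and len(shares) >= MIN_SHARES
                    and is_after_hours(evs[start]["time"])
                    and (best is None or len(files) > best["files"])):
                best = {"user": user, "host": host,
                        "files": len(files), "shares": len(shares),
                        "window_start": evs[start]["time"], "window_end": e["time"],
                        "technique": TECHNIQUE}
        if best:
            alerts.append(best)
    return alerts


def make_events(user, host, start, n_files, n_shares, minutes):
    """Constructed synthetic share-access events, evenly spread over
    `minutes` and rotated across `n_shares` shares. Not real telemetry."""
    step = timedelta(seconds=minutes * 60 / n_files)
    return [{"user": user, "host": host,
             "share": f"\\\\{host}\\share{i % n_shares:02d}",
             "file": f"doc{i:04d}.docx",
             "time": start + i * step} for i in range(n_files)]


UTC = timezone.utc
SAMPLE_EVENTS = (
    # The page's scenario: Sunday 2026-05-24, small hours, 847 files, 12 shares.
    make_events("k.brown", "SRV-DC-01", datetime(2026, 5, 24, 2, 50, tzinfo=UTC), 847, 12, 44)
    # Weekday business-hours bulk access: volume alone must not fire.
    + make_events("j.doe", "SRV-DC-01", datetime(2026, 5, 21, 10, 0, tzinfo=UTC), 600, 12, 40)
    # Nightly job on a few shares: after hours, but the breadth is missing.
    + make_events("svc-backup", "SRV-DC-01", datetime(2026, 5, 24, 1, 0, tzinfo=UTC), 900, 3, 30)
)

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a['user']}@{a['host']}: {a['files']} files across {a['shares']} shares "
              f"between {a['window_start']:%H:%M:%S} and {a['window_end']:%H:%M:%S} UTC "
              f"({a['technique']})")
```

Run as a script, only the k.brown span fires; the weekday bulk reader and the three-share backup job are the two negatives a rule like this most often trips over, so they are included deliberately. The detector reports the largest qualifying window per user and host rather than the first one that crosses the thresholds, which is why the counts it prints match the figures in the description. Source IP and origin-country enrichment, as shown on this alert, are left to correlation and are not part of the rule.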

Alert Metadata

Alert ID
ALR-00062
Timestamp
2026-05-24T03:34:49Z
Severity
High
Status
Escalated
Detection Source
SOC365 Engine
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SRV-DC-01
User Account
k.brown
Source IP
103.43.216.35
Destination IP
10.1.226.63
Origin Country
NG Nigeria

MITRE ATT&CK Mapping

Tactic
Collection
Technique
T1119 (Automated Collection)
Reference
attack.mitre.org/techniques/T1119

Investigation Timeline

03:34:49 Event ingested by SOC365 Engine
03:34:51 EmilyAI triage started — correlation enrichment
03:34:58 EmilyAI confidence: 96% — escalated to human analyst
03:35:17 Alert assigned to analyst: Marcus Webb
03:37:18 Investigation started — querying SIEM and threat intelligence
03:38:27 Containment action taken — endpoint isolated
03:45:43 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                            Severity       Status          Host
ALR-00197  7h ago   Kerberoasting Attempt            Medium         False Positive  SRV-DC-01
ALR-00269  14h ago  Data Exfiltration Attempt        Medium         Open            SRV-DC-01
ALR-00312  17h ago  Suspicious PowerShell Execution  Low            Investigating   SRV-DC-01
ALR-00401  19h ago  Insider Threat Indicator         Low            Open            WS-PC-003
ALR-00370  20h ago  Insider Threat Indicator         Informational  False Positive  SRV-APP-01