Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:41:03 UTC

Unauthorised USB Device

Low Resolved
ALR-00062 · 2026-07-07T14:28:21Z

Description

Unauthorised USB mass storage device connected to SRV-WEB-01 by user 'c.williams'. Device blocked by Endpoint Agent endpoint policy.

Alert Metadata

Alert ID
ALR-00062
Timestamp
2026-07-07T14:28:21Z
Severity
Low
Status
Resolved
Detection Source
Endpoint Agent
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-WEB-01
User Account
c.williams
Source IP
103.220.216.121
Destination IP
10.1.207.206
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1091
Reference
attack.mitre.org/techniques/T1091

Investigation Timeline

14:28:21 Event ingested by SOC365 Engine
14:28:22 EmilyAI triage started — correlation enrichment
14:28:33 EmilyAI confidence: 83% — escalated to human analyst
14:29:01 Alert assigned to analyst: EmilyAI (auto)
14:31:03 Investigation started — querying SIEM and threat intelligence
14:33:12 Containment action taken — endpoint isolated
14:38:53 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00225 4h ago Malware Signature Match Low Investigating SRV-WEB-01
ALR-00024 6h ago Unauthorised USB Device Low False Positive WS-LAP-011
ALR-00462 7h ago Malware Signature Match Low Escalated SRV-WEB-01
ALR-00468 16h ago Unauthorised USB Device Low Open AP-WIFI-03
ALR-00119 17h ago Unauthorised USB Device Low Resolved VM-DEV-01