Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:40:22 UTC

Tor Exit Node Connection

Medium Escalated
ALR-00064 · 2026-07-09T18:52:55Z

Description

Connection from SRV-MAIL-01 to known Tor exit node detected by Endpoint Agent. User 's.jones' was active at the time.

Alert Metadata

Alert ID
ALR-00064
Timestamp
2026-07-09T18:52:55Z
Severity
Medium
Status
Escalated
Detection Source
Endpoint Agent
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SRV-MAIL-01
User Account
s.jones
Source IP
185.38.220.6
Destination IP
10.3.49.171
Origin Country
CN China

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1090.003
Reference
attack.mitre.org/techniques/T1090.003

Investigation Timeline

18:52:55 Event ingested by SOC365 Engine
18:53:00 EmilyAI triage started — correlation enrichment
18:53:07 EmilyAI confidence: 93% — escalated to human analyst
18:53:37 Alert assigned to analyst: Marcus Webb
18:55:01 Investigation started — querying SIEM and threat intelligence
19:02:49 Containment action taken — endpoint isolated
19:03:44 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00403 12h ago Tor Exit Node Connection Informational Open WS-MAC-005
ALR-00397 13h ago DLP Policy Violation Low Investigating SRV-MAIL-01
ALR-00133 14h ago Tor Exit Node Connection Low False Positive WS-PC-002
ALR-00032 14h ago Suspicious Scheduled Task Informational False Positive SRV-MAIL-01
ALR-00471 14h ago Failed MFA Challenge Informational Resolved SRV-MAIL-01