Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:54:14 UTC

Tor Exit Node Connection

Severity: Informational · Status: Investigating
ALR-00074 · 2026-05-22T10:43:52Z

Description

Connection from SRV-FILE-01 to known Tor exit node detected by Cloud Connector. User 'j.smith' was active at the time.

Alert Metadata

Alert ID: ALR-00074
Timestamp: 2026-05-22T10:43:52Z
Severity: Informational
Status: Investigating
Detection Source: Cloud Connector
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-FILE-01
User Account: j.smith
Source IP: 194.50.62.251
Destination IP: 10.1.181.8
Origin Country: RU Russia

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

10:43:52 Event ingested by SOC365 Engine
10:43:54 EmilyAI triage started — correlation enrichment
10:43:58 EmilyAI confidence: 98% — escalated to human analyst
10:44:25 Alert assigned to analyst: EmilyAI (auto)
10:45:36 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00128 | 2h ago | Privilege Escalation Attempt | Low | Open | SRV-FILE-01
ALR-00030 | 4h ago | Anomalous DNS Query | High | Investigating | SRV-FILE-01
ALR-00032 | 11h ago | Tor Exit Node Connection | Informational | Resolved | VM-DEV-01
ALR-00207 | 13h ago | Suspicious PowerShell Execution | Informational | False Positive | SRV-FILE-01
ALR-00315 | 15h ago | Port Scan Detected | Medium | Open | SRV-FILE-01