Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:41:32 UTC

Tor Exit Node Connection

Informational Resolved
ALR-00079 · 2026-07-11T18:35:18Z

Description

Connection from WS-LAP-010 to known Tor exit node detected by Email Gateway. User 'c.williams' was active at the time.

Alert Metadata

Alert ID
ALR-00079
Timestamp
2026-07-11T18:35:18Z
Severity
Informational
Status
Resolved
Detection Source
Email Gateway
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-010
User Account
c.williams
Source IP
194.131.62.162
Destination IP
10.0.139.232
Origin Country
CN China

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1090.003
Reference
attack.mitre.org/techniques/T1090.003

Investigation Timeline

18:35:18 Event ingested by SOC365 Engine
18:35:23 EmilyAI triage started — correlation enrichment
18:35:30 EmilyAI confidence: 88% — escalated to human analyst
18:35:34 Alert assigned to analyst: EmilyAI (auto)
18:36:58 Investigation started — querying SIEM and threat intelligence
18:41:53 Containment action taken — endpoint isolated
18:48:05 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00454 39m ago Credential Stuffing Attempt High Investigating WS-LAP-010
ALR-00166 3h ago Pass-the-Hash Detected Low Resolved WS-LAP-010
ALR-00413 4h ago Shadow IT Discovery Low Investigating WS-LAP-010
ALR-00050 15h ago Brute Force SSH Informational Resolved WS-LAP-010
ALR-00231 16h ago Unauthorised USB Device Low Open WS-LAP-010