Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:39:01 UTC

Port Scan Detected

Medium Investigating
ALR-00086 · 2026-07-05T16:17:22Z

Description

Sequential port scan (1-1024) detected targeting WS-LAP-012 from external IP. DLP Module identified SYN scan pattern.

Alert Metadata

Alert ID
ALR-00086
Timestamp
2026-07-05T16:17:22Z
Severity
Medium
Status
Investigating
Detection Source
DLP Module
Assigned Analyst
Emma Richardson

Endpoint Information

Hostname
WS-LAP-012
User Account
f.hall
Source IP
91.1.195.71
Destination IP
10.2.220.138
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Reconnaissance
Technique
T1046
Reference
attack.mitre.org/techniques/T1046

Investigation Timeline

16:17:22 Event ingested by SOC365 Engine
16:17:23 EmilyAI triage started — correlation enrichment
16:17:28 EmilyAI confidence: 83% — escalated to human analyst
16:18:01 Alert assigned to analyst: Emma Richardson
16:19:33 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00371 11h ago Ransomware Behaviour Detected Critical Open WS-LAP-012
ALR-00437 16h ago Port Scan Detected Low False Positive WS-PC-006
ALR-00397 16h ago Privilege Escalation Attempt Low Open WS-LAP-012
ALR-00373 18h ago Rogue DHCP Server Medium False Positive WS-LAP-012
ALR-00235 19h ago Failed MFA Challenge Low Escalated WS-LAP-012