Tor Exit Node Connection
Informational
Escalated
ALR-00088 · 2026-07-08T09:01:23Z
Description
Connection from WS-PC-004 to known Tor exit node detected by Endpoint Agent. User 'c.williams' was active at the time.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
09:01:23
Event ingested by SOC365 Engine
09:01:24
EmilyAI triage started — correlation enrichment
09:01:29
EmilyAI confidence: 95% — escalated to human analyst
09:01:56
Alert assigned to analyst: EmilyAI (auto)
09:04:05
Investigation started — querying SIEM and threat intelligence
09:09:05
Containment action taken — endpoint isolated
09:20:36
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00471 | 1h ago | Unauthorised USB Device | High | Open | WS-PC-004 |
| ALR-00030 | 9h ago | Insider Threat Indicator | Informational | False Positive | WS-PC-004 |
| ALR-00363 | 15h ago | Brute Force SSH | High | Investigating | WS-PC-004 |
| ALR-00103 | 17h ago | Tor Exit Node Connection | Low | Investigating | AP-WIFI-03 |
| ALR-00474 | 20h ago | Ransomware Behaviour Detected | Low | Open | WS-PC-004 |