Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:43:09 UTC

Tor Exit Node Connection

Informational Escalated
ALR-00088 · 2026-07-08T09:01:23Z

Description

Connection from WS-PC-004 to known Tor exit node detected by Endpoint Agent. User 'c.williams' was active at the time.

Alert Metadata

Alert ID
ALR-00088
Timestamp
2026-07-08T09:01:23Z
Severity
Informational
Status
Escalated
Detection Source
Endpoint Agent
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-004
User Account
c.williams
Source IP
194.226.62.21
Destination IP
10.3.114.40
Origin Country
NL Netherlands

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1090.003
Reference
attack.mitre.org/techniques/T1090.003

Investigation Timeline

09:01:23 Event ingested by SOC365 Engine
09:01:24 EmilyAI triage started — correlation enrichment
09:01:29 EmilyAI confidence: 95% — escalated to human analyst
09:01:56 Alert assigned to analyst: EmilyAI (auto)
09:04:05 Investigation started — querying SIEM and threat intelligence
09:09:05 Containment action taken — endpoint isolated
09:20:36 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00471 1h ago Unauthorised USB Device High Open WS-PC-004
ALR-00030 9h ago Insider Threat Indicator Informational False Positive WS-PC-004
ALR-00363 15h ago Brute Force SSH High Investigating WS-PC-004
ALR-00103 17h ago Tor Exit Node Connection Low Investigating AP-WIFI-03
ALR-00474 20h ago Ransomware Behaviour Detected Low Open WS-PC-004