Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Tor Exit Node Connection

Medium False Positive
ALR-00093 · 2026-04-06T21:04:02Z

Description

Connection from FW-EDGE-01 to known Tor exit node detected by Attack Surface Scanner. User 'm.taylor' was active at the time.

Alert Metadata

Alert ID: ALR-00093
Timestamp: 2026-04-06T21:04:02Z
Severity: Medium
Status: False Positive
Detection Source: Attack Surface Scanner
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: FW-EDGE-01
User Account: m.taylor
Source IP: 91.150.195.78
Destination IP: 10.2.158.21
Origin Country: RU Russia

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

21:04:02 Event ingested by SOC365 Engine
21:04:07 EmilyAI triage started — correlation enrichment
21:04:14 EmilyAI confidence: 86% — escalated to human analyst
21:04:20 Alert assigned to analyst: Anika Patel
21:04:51 Investigation started — querying SIEM and threat intelligence
21:10:59 Containment action taken — endpoint isolated
21:18:40 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00243 | 11m ago | Tor Exit Node Connection | Medium | Investigating | SRV-FILE-01
ALR-00066 | 3h ago | Unusual Outbound Traffic | Medium | False Positive | FW-EDGE-01
ALR-00401 | 4h ago | Tor Exit Node Connection | High | Open | WS-PC-001
ALR-00408 | 4h ago | Tor Exit Node Connection | Informational | Escalated | WS-PC-003
ALR-00118 | 9h ago | Malware Signature Match | Medium | Resolved | FW-EDGE-01