Insider Threat Indicator
Medium
Investigating
ALR-00102 · 2026-07-11T00:29:19Z
Description
Anomalous after-hours access by 'e.evans' on WS-LAP-012. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by SOC365 Engine.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:29:19
Event ingested by SOC365 Engine
00:29:20
EmilyAI triage started — correlation enrichment
00:29:31
EmilyAI confidence: 91% — escalated to human analyst
00:29:48
Alert assigned to analyst: Sarah Chen
00:31:59
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00252 | 57m ago | Anomalous DNS Query | High | Investigating | WS-LAP-012 |
| ALR-00233 | 4h ago | Malware Signature Match | Low | Investigating | WS-LAP-012 |
| ALR-00402 | 12h ago | Brute Force SSH | Low | Open | WS-LAP-012 |
| ALR-00331 | 17h ago | Credential Stuffing Attempt | Medium | Escalated | WS-LAP-012 |
| ALR-00388 | 20h ago | Ransomware Behaviour Detected | Low | False Positive | WS-LAP-012 |