Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Insider Threat Indicator

Severity: Medium · Status: Escalated
Alert ID: ALR-00102 · 2026-04-05T18:55:24Z

Description

Anomalous after-hours access by 'n.clark' on SRV-WEB-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by SOC365 Engine.

Alert Metadata

Alert ID: ALR-00102
Timestamp: 2026-04-05T18:55:24Z
Severity: Medium
Status: Escalated
Detection Source: SOC365 Engine
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SRV-WEB-01
User Account: n.clark
Source IP: 194.233.62.62
Destination IP: 10.2.182.218
Origin Country: BR (Brazil)

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

18:55:24 Event ingested by SOC365 Engine
18:55:25 EmilyAI triage started — correlation enrichment
18:55:34 EmilyAI confidence: 90% — escalated to human analyst
18:55:52 Alert assigned to analyst: Marcus Webb
18:57:13 Investigation started — querying SIEM and threat intelligence
19:01:24 Containment action taken — endpoint isolated
19:11:12 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                            Severity       Status         Host
ALR-00308  8h ago   Malware Signature Match          Low            Escalated      SRV-WEB-01
ALR-00058  9h ago   Ransomware Behaviour Detected    High           Investigating  SRV-WEB-01
ALR-00390  13h ago  Rogue DHCP Server                Low            Investigating  SRV-WEB-01
ALR-00254  20h ago  Suspicious Scheduled Task        Informational  Investigating  SRV-WEB-01
ALR-00242  23h ago  Suspicious PowerShell Execution  Low            Open           SRV-WEB-01