Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:10:57 UTC

Unauthorised USB Device

Severity: Low · Status: Escalated
ALR-00110 · 2026-05-26T20:12:27Z

Description

Unauthorised USB mass storage device connected to AP-WIFI-03 by user 'f.hall'. Device blocked by Network IDS endpoint policy.

Alert Metadata

Alert ID: ALR-00110
Timestamp: 2026-05-26T20:12:27Z
Severity: Low
Status: Escalated
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: AP-WIFI-03
User Account: f.hall
Source IP: 45.118.148.6
Destination IP: 10.2.127.133
Origin Country: Brazil (BR)

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

20:12:27 Event ingested by SOC365 Engine
20:12:28 EmilyAI triage started — correlation enrichment
20:12:36 EmilyAI confidence: 97% — escalated to human analyst
20:12:53 Alert assigned to analyst: EmilyAI (auto)
20:15:00 Investigation started — querying SIEM and threat intelligence
20:17:06 Containment action taken — endpoint isolated
20:22:32 Alert resolved — remediation complete

Related Alerts

ID         Time    Alert                            Severity       Status          Host
ALR-00167  3h ago  Suspicious PowerShell Execution  Medium         Open            AP-WIFI-03
ALR-00015  3h ago  Unauthorised USB Device          Informational  False Positive  AP-WIFI-03
ALR-00383  6h ago  Unauthorised USB Device          Medium         Investigating   WS-PC-003
ALR-00132  6h ago  Shadow IT Discovery              Low            Open            AP-WIFI-03
ALR-00484  9h ago  Unauthorised USB Device          Low            Open            SRV-SQL-01