Insider Threat Indicator
Informational
Open
ALR-00113 · 2026-07-07T16:23:55Z
Description
Anomalous after-hours access by 'm.taylor' on WS-PC-006. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Endpoint Agent.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:23:55
Event ingested by SOC365 Engine
16:23:59
EmilyAI triage started — correlation enrichment
16:24:05
EmilyAI confidence: 78% — escalated to human analyst
16:24:14
Alert assigned to analyst: EmilyAI (auto)
16:25:17
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00170 | 50m ago | Lateral Movement Detected | Informational | False Positive | WS-PC-006 |
| ALR-00174 | 5h ago | Insider Threat Indicator | Informational | Escalated | AP-WIFI-03 |
| ALR-00487 | 7h ago | Certificate Anomaly | Low | Escalated | WS-PC-006 |
| ALR-00040 | 11h ago | Insider Threat Indicator | Low | False Positive | WS-PC-006 |
| ALR-00279 | 21h ago | Insider Threat Indicator | High | Open | SRV-BACKUP-01 |