Port Scan Detected
Informational
Escalated
ALR-00115 · 2026-07-09T19:48:04Z
Description
Sequential port scan (1-1024) detected targeting SRV-DC-01 from external IP. Dark Web Monitor identified SYN scan pattern.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
19:48:04
Event ingested by SOC365 Engine
19:48:08
EmilyAI triage started — correlation enrichment
19:48:09
EmilyAI confidence: 91% — escalated to human analyst
19:48:29
Alert assigned to analyst: EmilyAI (auto)
19:49:07
Investigation started — querying SIEM and threat intelligence
19:56:44
Containment action taken — endpoint isolated
20:00:00
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00385 | 3h ago | Port Scan Detected | Medium | False Positive | WS-LAP-012 |
| ALR-00366 | 11h ago | Port Scan Detected | Critical | Escalated | FW-EDGE-01 |
| ALR-00286 | 12h ago | DLP Policy Violation | Informational | Open | SRV-DC-01 |
| ALR-00159 | 14h ago | Certificate Anomaly | Informational | Resolved | SRV-DC-01 |
| ALR-00158 | 16h ago | DecoyPulse Honeypot Triggered | Critical | Escalated | SRV-DC-01 |