Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:22:20 UTC

Insider Threat Indicator

Low Open
ALR-00115 · 2026-04-06T00:52:51Z

Description

Anomalous after-hours access by 'j.smith' on SRV-FILE-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Network IDS.

Alert Metadata

Alert ID: ALR-00115
Timestamp: 2026-04-06T00:52:51Z
Severity: Low
Status: Open
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-FILE-01
User Account: j.smith
Source IP: 194.146.62.236
Destination IP: 10.1.61.54
Origin Country: DE Germany

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

00:52:51 Event ingested by SOC365 Engine
00:52:53 EmilyAI triage started — correlation enrichment
00:53:02 EmilyAI confidence: 92% — escalated to human analyst
00:53:13 Alert assigned to analyst: EmilyAI (auto)
00:55:39 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                     Severity       Status         Host
ALR-00441  7h ago   Insider Threat Indicator  High           Escalated      SW-CORE-01
ALR-00221  7h ago   Insider Threat Indicator  Medium         Escalated      FW-EDGE-01
ALR-00097  7h ago   Insider Threat Indicator  Low            Open           VM-DEV-01
ALR-00317  9h ago   Rogue DHCP Server         Low            Resolved       SRV-FILE-01
ALR-00038  14h ago  Shadow IT Discovery       Informational  Investigating  SRV-FILE-01