Unauthorised USB Device
Medium
False Positive
ALR-00116 · 2026-05-20T21:02:46Z
Description
Unauthorised USB mass storage device connected to FW-EDGE-01 by user 's.jones'. Device blocked by Firewall endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
| Time | Event |
|---|---|
| 21:02:46 | Event ingested by SOC365 Engine |
| 21:02:51 | EmilyAI triage started — correlation enrichment |
| 21:02:56 | EmilyAI confidence: 78% — escalated to human analyst |
| 21:03:25 | Alert assigned to analyst: Sarah Chen |
| 21:04:56 | Investigation started — querying SIEM and threat intelligence |
| 21:05:58 | Containment action taken — endpoint isolated |
| 21:21:24 | Alert resolved — remediation complete |
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00449 | 2h ago | Unauthorised USB Device | Medium | Open | SRV-DC-01 |
| ALR-00060 | 10h ago | Unauthorised USB Device | Informational | Escalated | WS-PC-006 |
| ALR-00354 | 18h ago | Unauthorised USB Device | Medium | Escalated | WS-PC-004 |
| ALR-00239 | 1d ago | Suspicious Scheduled Task | High | Escalated | FW-EDGE-01 |
| ALR-00441 | 1d ago | Unauthorised USB Device | Medium | False Positive | WS-PC-001 |