Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:10:56 UTC

Certificate Anomaly

Severity: Low · Status: Escalated
ALR-00119 · 2026-05-27T12:41:42Z

Description

TLS certificate anomaly detected on SRV-SQL-01. Self-signed certificate on port 443 does not match expected corporate CA chain.

Alert Metadata

Alert ID: ALR-00119
Timestamp: 2026-05-27T12:41:42Z
Severity: Low
Status: Escalated
Detection Source: EmilyAI Triage
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-SQL-01
User Account: c.williams
Source IP: 91.129.195.144
Destination IP: 10.3.13.7
Origin Country: Brazil (BR)

MITRE ATT&CK Mapping

Tactic: Defence Evasion
Technique: T1553.004
Reference: attack.mitre.org/techniques/T1553.004

Investigation Timeline

12:41:42 Event ingested by SOC365 Engine
12:41:47 EmilyAI triage started — correlation enrichment
12:41:55 EmilyAI confidence: 97% — escalated to human analyst
12:41:57 Alert assigned to analyst: EmilyAI (auto)
12:43:20 Investigation started — querying SIEM and threat intelligence
12:45:09 Containment action taken — endpoint isolated
12:54:25 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00484 | 9h ago | Unauthorised USB Device | Low | Open | SRV-SQL-01
ALR-00493 | 14h ago | Insider Threat Indicator | High | Open | SRV-SQL-01
ALR-00288 | 16h ago | C2 Beacon Activity | Low | Resolved | SRV-SQL-01
ALR-00084 | 1d ago | Suspicious PowerShell Execution | Low | Escalated | SRV-SQL-01
ALR-00321 | 1d ago | Certificate Anomaly | Low | Escalated | SRV-MAIL-01