Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:07:14 UTC

Port Scan Detected

Informational · False Positive
ALR-00124 · 2026-05-23T21:10:42Z

Description

Sequential port scan (1-1024) detected targeting SRV-APP-01 from external IP. Firewall identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00124
Timestamp: 2026-05-23T21:10:42Z
Severity: Informational
Status: False Positive
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-APP-01
User Account: f.hall
Source IP: 194.21.62.102
Destination IP: 10.2.141.21
Origin Country: KP (North Korea)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

21:10:42 Event ingested by SOC365 Engine
21:10:43 EmilyAI triage started — correlation enrichment
21:10:53 EmilyAI confidence: 82% — escalated to human analyst
21:11:09 Alert assigned to analyst: EmilyAI (auto)
21:13:06 Investigation started — querying SIEM and threat intelligence
21:19:50 Containment action taken — endpoint isolated
21:21:21 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity  Status          Host
ALR-00471  3h ago   Port Scan Detected             Low       False Positive  SRV-WEB-01
ALR-00156  5h ago   Insider Threat Indicator       Medium    Escalated       SRV-APP-01
ALR-00326  9h ago   Ransomware Behaviour Detected  Low       False Positive  SRV-APP-01
ALR-00231  12h ago  Credential Stuffing Attempt    Low       Investigating   SRV-APP-01
ALR-00412  15h ago  Port Scan Detected             Low       False Positive  VM-DEV-01