Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:19:10 UTC

Insider Threat Indicator

Severity: Medium · Status: Resolved
ALR-00129 · 2026-04-11T22:02:06Z

Description

Anomalous after-hours access by 'f.hall' on WS-PC-001. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Firewall.

Alert Metadata

Alert ID: ALR-00129
Timestamp: 2026-04-11T22:02:06Z
Severity: Medium
Status: Resolved
Detection Source: Firewall
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: WS-PC-001
User Account: f.hall
Source IP: 45.4.148.223
Destination IP: 10.3.209.4
Origin Country: Romania (RO)

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

22:02:06 Event ingested by SOC365 Engine
22:02:07 EmilyAI triage started — correlation enrichment
22:02:16 EmilyAI confidence: 88% — escalated to human analyst
22:02:22 Alert assigned to analyst: Emma Richardson
22:04:20 Investigation started — querying SIEM and threat intelligence
22:05:52 Containment action taken — endpoint isolated
22:18:36 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00112 | 6h ago | Insider Threat Indicator | Medium | Open | WS-LAP-011
ALR-00482 | 1d ago | Insider Threat Indicator | Low | Escalated | WS-PC-001
ALR-00115 | 1d ago | Lateral Movement Detected | Low | Open | WS-PC-001
ALR-00181 | 1d ago | Phishing Email Blocked | Informational | Investigating | WS-PC-001
ALR-00160 | 2d ago | Insider Threat Indicator | High | Open | WS-PC-002