Unauthorised USB Device
Medium
False Positive
ALR-00132 · 2026-07-09T03:40:39Z
Description
Unauthorised USB mass storage device connected to WS-LAP-012 by user 'k.brown'. Device blocked by Network IDS endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
03:40:39
Event ingested by SOC365 Engine
03:40:42
EmilyAI triage started — correlation enrichment
03:40:53
EmilyAI confidence: 90% — escalated to human analyst
03:41:09
Alert assigned to analyst: James Okonkwo
03:43:00
Investigation started — querying SIEM and threat intelligence
03:44:49
Containment action taken — endpoint isolated
03:53:53
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00043 | 3h ago | Data Exfiltration Attempt | Low | False Positive | WS-LAP-012 |
| ALR-00110 | 5h ago | Kerberoasting Attempt | Low | Open | WS-LAP-012 |
| ALR-00107 | 6h ago | Unauthorised USB Device | Informational | Investigating | SRV-DC-01 |
| ALR-00050 | 11h ago | Anomalous DNS Query | Low | False Positive | WS-LAP-012 |
| ALR-00082 | 13h ago | Privilege Escalation Attempt | Medium | Escalated | WS-LAP-012 |