Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:27:00 UTC

Insider Threat Indicator

Medium · Resolved
ALR-00133 · 2026-04-07T13:53:34Z

Description

Anomalous after-hours access by 'r.davies' on WS-PC-002. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Email Gateway.

Alert Metadata

Alert ID
ALR-00133
Timestamp
2026-04-07T13:53:34Z
Severity
Medium
Status
Resolved
Detection Source
Email Gateway
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
WS-PC-002
User Account
r.davies
Source IP
185.16.220.213
Destination IP
10.0.203.119
Origin Country
IR (Iran)

MITRE ATT&CK Mapping

Tactic
Collection
Technique
T1119
Reference
attack.mitre.org/techniques/T1119

Investigation Timeline

13:53:34 Event ingested by SOC365 Engine
13:53:39 EmilyAI triage started — correlation enrichment
13:53:48 EmilyAI confidence: 94% — escalated to human analyst
13:54:11 Alert assigned to analyst: Marcus Webb
13:55:32 Investigation started — querying SIEM and threat intelligence
13:57:31 Containment action taken — endpoint isolated
14:06:23 Alert resolved — remediation complete

Related Alerts

ID          Time     Alert                          Severity       Status         Host
ALR-00367   2h ago   Tor Exit Node Connection       Medium         Open           WS-PC-002
ALR-00137   6h ago   Unauthorised USB Device        Informational  Open           WS-PC-002
ALR-00399   8h ago   DecoyPulse Honeypot Triggered  Low            Escalated      WS-PC-002
ALR-00423   9h ago   Insider Threat Indicator       Informational  Investigating  SW-CORE-01
ALR-00249   11h ago  Insider Threat Indicator       Medium         Open           SRV-SQL-01