Unauthorised USB Device
Informational
Resolved
ALR-00134 · 2026-07-09T22:41:39Z
Description
Unauthorised USB mass storage device connected to SRV-BACKUP-01 by user 'e.evans'. Device blocked by Attack Surface Scanner endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
22:41:39
Event ingested by SOC365 Engine
22:41:41
EmilyAI triage started — correlation enrichment
22:41:44
EmilyAI confidence: 90% — escalated to human analyst
22:42:05
Alert assigned to analyst: EmilyAI (auto)
22:44:39
Investigation started — querying SIEM and threat intelligence
22:50:56
Containment action taken — endpoint isolated
23:00:31
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00297 | 45m ago | Tor Exit Node Connection | Low | Investigating | SRV-BACKUP-01 |
| ALR-00219 | 4h ago | Unauthorised USB Device | Medium | Investigating | SW-CORE-01 |
| ALR-00020 | 13h ago | Unauthorised USB Device | Low | Escalated | WS-LAP-012 |
| ALR-00371 | 14h ago | Unauthorised USB Device | Low | Investigating | WS-LAP-012 |
| ALR-00292 | 15h ago | C2 Beacon Activity | High | Escalated | SRV-BACKUP-01 |