Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:39:49 UTC

Port Scan Detected

High Open
ALR-00137 · 2026-07-06T06:12:49Z

Description

Sequential port scan (1-1024) detected targeting SRV-DC-01 from external IP. Firewall identified SYN scan pattern.

Alert Metadata

Alert ID
ALR-00137
Timestamp
2026-07-06T06:12:49Z
Severity
High
Status
Open
Detection Source
Firewall
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
SRV-DC-01
User Account
f.hall
Source IP
194.11.62.232
Destination IP
10.0.133.153
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Reconnaissance
Technique
T1046
Reference
attack.mitre.org/techniques/T1046

Investigation Timeline

06:12:49 Event ingested by SOC365 Engine
06:12:52 EmilyAI triage started — correlation enrichment
06:12:56 EmilyAI confidence: 78% — escalated to human analyst
06:13:06 Alert assigned to analyst: James Okonkwo
06:14:07 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00217 18h ago Port Scan Detected Low Investigating SRV-APP-01
ALR-00185 20h ago Port Scan Detected Low Escalated WS-PC-004
ALR-00007 20h ago Anomalous DNS Query Medium False Positive SRV-DC-01
ALR-00127 1d ago Brute Force SSH Medium Investigating SRV-DC-01
ALR-00467 1d ago Pass-the-Hash Detected Medium Resolved SRV-DC-01