Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:45:30 UTC

Unauthorised USB Device

Low False Positive
ALR-00139 · 2026-07-09T10:44:43Z

Description

Unauthorised USB mass storage device connected to SRV-DC-01 by user 'n.clark'. Device blocked by DLP Module endpoint policy.

Alert Metadata

Alert ID
ALR-00139
Timestamp
2026-07-09T10:44:43Z
Severity
Low
Status
False Positive
Detection Source
DLP Module
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-DC-01
User Account
n.clark
Source IP
185.89.220.168
Destination IP
10.3.41.168
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1091
Reference
attack.mitre.org/techniques/T1091

Investigation Timeline

10:44:43 Event ingested by SOC365 Engine
10:44:46 EmilyAI triage started — correlation enrichment
10:44:50 EmilyAI confidence: 79% — escalated to human analyst
10:45:11 Alert assigned to analyst: EmilyAI (auto)
10:46:27 Investigation started — querying SIEM and threat intelligence
10:48:12 Containment action taken — endpoint isolated
10:55:19 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00107 6h ago Unauthorised USB Device Informational Investigating SRV-DC-01
ALR-00007 12h ago DecoyPulse Honeypot Triggered Medium False Positive SRV-DC-01
ALR-00354 14h ago Suspicious PowerShell Execution High Escalated SRV-DC-01
ALR-00337 15h ago Rogue DHCP Server Low Escalated SRV-DC-01
ALR-00209 21h ago Data Exfiltration Attempt Low False Positive SRV-DC-01