Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:19:11 UTC

Phishing Email Blocked

High Open
ALR-00147 · 2026-04-09T16:18:33Z

Description

Phishing email targeting 's.jones@company.co.uk' blocked by Endpoint Agent. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID: ALR-00147
Timestamp: 2026-04-09T16:18:33Z
Severity: High
Status: Open
Detection Source: Endpoint Agent
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: s.jones
Source IP: 45.185.148.54
Destination IP: 10.0.84.241
Origin Country: Iran (IR)

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1566.001
Reference: attack.mitre.org/techniques/T1566.001

Investigation Timeline

16:18:33 Event ingested by SOC365 Engine
16:18:34 EmilyAI triage started — correlation enrichment
16:18:39 EmilyAI confidence: 78% — escalated to human analyst
16:19:04 Alert assigned to analyst: James Okonkwo
16:21:09 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00498 | 31m ago | Rogue DHCP Server | Medium | False Positive | SRV-BACKUP-01
ALR-00046 | 10h ago | Phishing Email Blocked | Informational | Resolved | WS-LAP-010
ALR-00417 | 11h ago | Phishing Email Blocked | Medium | Open | SRV-FILE-01
ALR-00457 | 12h ago | Privilege Escalation Attempt | Medium | False Positive | SRV-BACKUP-01
ALR-00010 | 15h ago | Tor Exit Node Connection | Low | Escalated | SRV-BACKUP-01