Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Insider Threat Indicator

Medium Open
ALR-00149 · 2026-05-21T23:04:48Z

Description

Anomalous after-hours access by 'e.evans' on SRV-APP-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by SOC365 Engine.

Alert Metadata

Alert ID: ALR-00149
Timestamp: 2026-05-21T23:04:48Z
Severity: Medium
Status: Open
Detection Source: SOC365 Engine
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SRV-APP-01
User Account: e.evans
Source IP: 103.173.216.126
Destination IP: 10.0.96.13
Origin Country: United States

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

23:04:48 Event ingested by SOC365 Engine
23:04:50 EmilyAI triage started — correlation enrichment
23:04:55 EmilyAI confidence: 89% — escalated to human analyst
23:05:07 Alert assigned to analyst: Marcus Webb
23:07:10 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00184 | 3h ago | Insider Threat Indicator | High | Investigating | WS-LAP-010
ALR-00379 | 12h ago | Insider Threat Indicator | High | Investigating | AP-WIFI-03
ALR-00079 | 15h ago | Unauthorised USB Device | Low | Investigating | SRV-APP-01
ALR-00342 | 17h ago | Insider Threat Indicator | Medium | False Positive | SRV-SQL-01
ALR-00224 | 18h ago | Credential Stuffing Attempt | Low | Resolved | SRV-APP-01