Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Malware Signature Match

Severity: Medium · Status: False Positive
ALR-00150 · 2026-05-26T10:31:49Z

Description

Known malware signature (Emotet variant) detected in file on WS-PC-006. Firewall quarantined the file. User context: n.clark.

Alert Metadata

Alert ID
ALR-00150
Timestamp
2026-05-26T10:31:49Z
Severity
Medium
Status
False Positive
Detection Source
Firewall
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
WS-PC-006
User Account
n.clark
Source IP
103.128.216.251
Destination IP
10.2.25.161
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Execution
Technique
T1204.002
Reference
attack.mitre.org/techniques/T1204.002

Investigation Timeline

10:31:49 Event ingested by SOC365 Engine
10:31:50 EmilyAI triage started — correlation enrichment
10:32:03 EmilyAI confidence: 86% — escalated to human analyst
10:32:04 Alert assigned to analyst: Marcus Webb
10:33:36 Investigation started — querying SIEM and threat intelligence
10:41:03 Containment action taken — endpoint isolated
10:46:07 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                     Severity       Status          Host
ALR-00306  18m ago  Malware Signature Match   Low            Open            WS-LAP-010
ALR-00276  2h ago   DLP Policy Violation      Low            Escalated       WS-PC-006
ALR-00278  8h ago   Tor Exit Node Connection  Informational  Open            WS-PC-006
ALR-00264  15h ago  Malware Signature Match   High           Escalated       WS-LAP-010
ALR-00355  16h ago  Anomalous DNS Query       Informational  False Positive  WS-PC-006
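The record above carries two things an analyst should check before accepting the recorded disposition: the alert is closed as a False Positive even though the timeline records a containment action (endpoint isolated), and the same host has other alerts still open or escalated within the last day. The following Python is an added example, not code from the SOC365 demo or its engine; it transcribes the alert and the Related Alerts table into constructed data, classifies the firewall flow as inbound or outbound from the IP addresses, validates the ATT&CK technique ID format, and flags the disposition/containment mismatch and the unresolved same-host alerts. The field names and the 24-hour correlation window are assumptions for illustration.

```python
import ipaddress
import re
from datetime import timedelta

# Constructed copy of the alert shown on this page (simulated dashboard data,
# transcribed by hand; field names are this example's own choice).
ALERT = {
    "id": "ALR-00150",
    "timestamp": "2026-05-26T10:31:49Z",
    "severity": "Medium",
    "status": "False Positive",
    "detection_source": "Firewall",
    "host": "WS-PC-006",
    "user": "n.clark",
    "src_ip": "103.128.216.251",
    "dst_ip": "10.2.25.161",
    "technique": "T1204.002",
    "timeline": [
        ("10:31:49", "Event ingested by SOC365 Engine"),
        ("10:31:50", "EmilyAI triage started - correlation enrichment"),
        ("10:32:03", "EmilyAI confidence: 86% - escalated to human analyst"),
        ("10:32:04", "Alert assigned to analyst: Marcus Webb"),
        ("10:33:36", "Investigation started - querying SIEM and threat intelligence"),
        ("10:41:03", "Containment action taken - endpoint isolated"),
        ("10:46:07", "Alert resolved - remediation complete"),
    ],
}

# Constructed copy of the Related Alerts table: (id, age, name, severity, status, host).
RELATED = [
    ("ALR-00306", "18m ago", "Malware Signature Match", "Low", "Open", "WS-LAP-010"),
    ("ALR-00276", "2h ago", "DLP Policy Violation", "Low", "Escalated", "WS-PC-006"),
    ("ALR-00278", "8h ago", "Tor Exit Node Connection", "Informational", "Open", "WS-PC-006"),
    ("ALR-00264", "15h ago", "Malware Signature Match", "High", "Escalated", "WS-LAP-010"),
    ("ALR-00355", "16h ago", "Anomalous DNS Query", "Informational", "False Positive", "WS-PC-006"),
]

TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")  # ATT&CK technique, optional sub-technique
ACTIVE_STATUSES = {"Open", "Escalated"}


def classify_ip(ip: str) -> str:
    """Return 'private' for RFC 1918, loopback and link-local addresses, else 'public'."""
    return "private" if ipaddress.ip_address(ip).is_private else "public"


def flow_direction(src_ip: str, dst_ip: str) -> str:
    """Label the flow from the firewall's point of view."""
    src, dst = classify_ip(src_ip), classify_ip(dst_ip)
    if src == "public" and dst == "private":
        return "inbound"
    if src == "private" and dst == "public":
        return "outbound"
    return "internal" if src == "private" else "external"


def valid_technique(technique: str) -> bool:
    """True when the ID looks like T1204 or T1204.002."""
    return bool(TECHNIQUE_RE.match(technique))


def parse_age(age: str) -> timedelta:
    """Convert a relative age such as '18m ago' or '2h ago' into a timedelta."""
    m = re.fullmatch(r"(\d+)([mhd]) ago", age)
    if not m:
        raise ValueError(f"unrecognised age: {age!r}")
    units = {"m": "minutes", "h": "hours", "d": "days"}
    return timedelta(**{units[m.group(2)]: int(m.group(1))})


def same_host_related(alert: dict, related: list, window: timedelta = timedelta(hours=24)) -> list:
    """Related alerts raised on the same host within the lookback window (assumed 24h)."""
    return [r for r in related if r[5] == alert["host"] and parse_age(r[1]) <= window]


def review_alert(alert: dict, related: list) -> dict:
    """Consistency checks to run before accepting the recorded disposition."""
    findings = []
    if not valid_technique(alert["technique"]):
        findings.append(f"malformed ATT&CK technique ID {alert['technique']}")
    contained = any("Containment" in event for _, event in alert["timeline"])
    if alert["status"] == "False Positive" and contained:
        findings.append("status is False Positive but a containment action is recorded; "
                        "confirm the isolation was lifted or revisit the disposition")
    host_alerts = same_host_related(alert, related)
    active = [r[0] for r in host_alerts if r[4] in ACTIVE_STATUSES]
    if active:
        findings.append(f"{len(active)} unresolved alert(s) on {alert['host']} "
                        f"in the last 24h: {', '.join(active)}")
    return {
        "direction": flow_direction(alert["src_ip"], alert["dst_ip"]),
        "same_host_related": [r[0] for r in host_alerts],
        "active_same_host": active,
        "findings": findings,
    }


if __name__ == "__main__":
    result = review_alert(ALERT, RELATED)
    print("flow direction:", result["direction"])
    for finding in result["findings"]:
        print("-", finding)
```

Run against the data on this page, the review reports the flow as inbound (public source to a 10.0.0.0/8 destination), raises the False Positive versus endpoint-isolated mismatch, and lists ALR-00276 and ALR-00278 as still unresolved on WS-PC-006; ALR-00355 is on the same host but already closed, so it is correlated without being counted as active.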