Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:21:32 UTC

Phishing Email Blocked

High Investigating
ALR-00154 · 2026-04-08T08:08:05Z

Description

Phishing email targeting 'k.brown@company.co.uk' blocked by Email Gateway. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID: ALR-00154
Timestamp: 2026-04-08T08:08:05Z
Severity: High
Status: Investigating
Detection Source: Email Gateway
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: VM-DEV-01
User Account: k.brown
Source IP: 194.167.62.50
Destination IP: 10.2.248.102
Origin Country: Russia (RU)

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1566.001
Reference: attack.mitre.org/techniques/T1566.001

Investigation Timeline

08:08:05 Event ingested by SOC365 Engine
08:08:09 EmilyAI triage started — correlation enrichment
08:08:17 EmilyAI confidence: 86% — escalated to human analyst
08:08:26 Alert assigned to analyst: James Okonkwo
08:11:03 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00040 | 55m ago | Unauthorised USB Device | Low | Open | VM-DEV-01
ALR-00329 | 1h ago | Tor Exit Node Connection | Informational | False Positive | VM-DEV-01
ALR-00056 | 7h ago | DecoyPulse Honeypot Triggered | Low | Investigating | VM-DEV-01
ALR-00180 | 8h ago | Rogue DHCP Server | Low | Investigating | VM-DEV-01
ALR-00338 | 9h ago | Phishing Email Blocked | Low | False Positive | WS-PC-006