Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:09:54 UTC

Port Scan Detected

Low Investigating
ALR-00160 · 2026-05-24T17:08:15Z

Description

Sequential port scan (1-1024) detected targeting WS-LAP-010 from external IP. Dark Web Monitor identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00160
Timestamp: 2026-05-24T17:08:15Z
Severity: Low
Status: Investigating
Detection Source: Dark Web Monitor
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-LAP-010
User Account: r.davies
Source IP: 194.42.62.152
Destination IP: 10.2.112.60
Origin Country: RO Romania

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

17:08:15 Event ingested by SOC365 Engine
17:08:17 EmilyAI triage started — correlation enrichment
17:08:24 EmilyAI confidence: 80% — escalated to human analyst
17:08:37 Alert assigned to analyst: EmilyAI (auto)
17:09:53 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00119 | 1h ago | Insider Threat Indicator | Medium | Escalated | WS-LAP-010
ALR-00253 | 6h ago | Port Scan Detected | Low | Open | WS-MAC-005
ALR-00413 | 11h ago | Port Scan Detected | Informational | Investigating | SRV-WEB-01
ALR-00247 | 16h ago | Anomalous DNS Query | High | Investigating | WS-LAP-010
ALR-00471 | 1d ago | Port Scan Detected | Informational | False Positive | WS-LAP-012