Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:23:12 UTC

Insider Threat Indicator

Informational · Open
ALR-00175 · 2026-04-07T03:15:08Z

Description

Anomalous after-hours access by 'm.taylor' on SRV-DC-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Email Gateway.

Alert Metadata

Alert ID: ALR-00175
Timestamp: 2026-04-07T03:15:08Z
Severity: Informational
Status: Open
Detection Source: Email Gateway
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-DC-01
User Account: m.taylor
Source IP: 103.1.216.132
Destination IP: 10.0.101.179
Origin Country: Iran (IR)

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

03:15:08 Event ingested by SOC365 Engine
03:15:09 EmilyAI triage started — correlation enrichment
03:15:16 EmilyAI confidence: 86% — escalated to human analyst
03:15:46 Alert assigned to analyst: EmilyAI (auto)
03:17:03 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00232 | 4h ago | Insider Threat Indicator | Medium | Escalated | SRV-SQL-01
ALR-00089 | 9h ago | Phishing Email Blocked | Low | Escalated | SRV-DC-01
ALR-00004 | 1d ago | Insider Threat Indicator | Low | False Positive | SW-CORE-01
ALR-00363 | 1d ago | Port Scan Detected | Medium | Investigating | SRV-DC-01
ALR-00064 | 1d ago | Tor Exit Node Connection | Medium | Resolved | SRV-DC-01