Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:51:11 UTC

Tor Exit Node Connection

Informational False Positive
ALR-00186 · 2026-07-06T06:19:42Z

Description

Connection from WS-PC-006 to known Tor exit node detected by SOC365 Engine. User 'a.wilson' was active at the time.

Alert Metadata

Alert ID
ALR-00186
Timestamp
2026-07-06T06:19:42Z
Severity
Informational
Status
False Positive
Detection Source
SOC365 Engine
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-006
User Account
a.wilson
Source IP
45.147.148.62
Destination IP
10.0.95.224
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1090.003
Reference
attack.mitre.org/techniques/T1090.003

Investigation Timeline

06:19:42 Event ingested by SOC365 Engine
06:19:45 EmilyAI triage started — correlation enrichment
06:19:48 EmilyAI confidence: 80% — escalated to human analyst
06:20:06 Alert assigned to analyst: EmilyAI (auto)
06:22:29 Investigation started — querying SIEM and threat intelligence
06:24:10 Containment action taken — endpoint isolated
06:37:00 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00433 3h ago Tor Exit Node Connection High Investigating SW-CORE-01
ALR-00169 10h ago Tor Exit Node Connection Medium False Positive WS-LAP-011
ALR-00053 16h ago Tor Exit Node Connection Medium Escalated SRV-SQL-01
ALR-00187 1d ago Tor Exit Node Connection Low Resolved WS-MAC-005
ALR-00130 1d ago Tor Exit Node Connection Medium Escalated SRV-DC-01