Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd · Live 15:27:32 UTC

Insider Threat Indicator

Informational · Resolved
ALR-00186 · 2026-04-11T04:07:30Z

Description

Anomalous after-hours access by 'p.thomas' on WS-PC-001: 847 files accessed across 12 shares in 45 minutes. Pattern flagged by Cloud Connector.

Alert Metadata

Alert ID
ALR-00186
Timestamp
2026-04-11T04:07:30Z
Severity
Informational
Status
Resolved
Detection Source
Cloud Connector
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-001
User Account
p.thomas
Source IP
103.149.216.210
Destination IP
10.0.77.228
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Collection
Technique
T1119 (Automated Collection)
Reference
attack.mitre.org/techniques/T1119
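The pattern behind this alert (many distinct files across many shares in a short window, outside working hours, mapped to T1119 Automated Collection) can be reproduced as a stand-alone detection over file-access logs. The block below is an added example and is not SOC365 or Cloud Connector code: the 'ts,user,host,share,path' log format, the 08:00-18:00 UTC business hours, the 45-minute window and the 500-file / 5-share thresholds are assumptions, and the sample events are constructed to mirror the numbers in this alert.

```python
# Added example (not SOC365/Cloud Connector code): sliding-window detector for
# after-hours bulk file access, mapped to ATT&CK T1119 Automated Collection.
# Log format, business hours, window and thresholds below are assumptions.
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

BUSINESS_HOURS_UTC = (8, 18)     # assumption: on-hours are 08:00-18:00 UTC
WINDOW = timedelta(minutes=45)   # assumption: window matching the alert's 45 minutes
MIN_FILES = 500                  # assumption: distinct files needed within one window
MIN_SHARES = 5                   # assumption: distinct shares needed within one window


@dataclass(frozen=True)
class FileAccess:
    ts: datetime
    user: str
    host: str
    share: str
    path: str


def parse_log(lines):
    """Parse constructed 'ts,user,host,share,path' lines (ts in ISO 8601 UTC with 'Z')."""
    events = []
    for line in lines:
        ts, user, host, share, path = line.strip().split(",", 4)
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(FileAccess(when, user, host, share, path))
    return events


def is_after_hours(ts):
    start, end = BUSINESS_HOURS_UTC
    return not (start <= ts.hour < end)


def detect_automated_collection(events):
    """One alert per user whose busiest WINDOW (by distinct files) starts after hours
    and reaches both MIN_FILES distinct files and MIN_SHARES distinct shares."""
    by_user = {}
    for e in events:
        by_user.setdefault(e.user, []).append(e)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        files, shares = Counter(), Counter()   # multiset of what is inside the window
        best, j = None, 0
        for first in evs:
            # Grow the right edge: admit every event within WINDOW of the left edge.
            while j < len(evs) and evs[j].ts - first.ts <= WINDOW:
                files[evs[j].path] += 1
                shares[evs[j].share] += 1
                j += 1
            if best is None or len(files) > best["files"]:
                best = {"host": first.host, "start": first.ts, "end": evs[j - 1].ts,
                        "files": len(files), "shares": len(shares)}
            # Slide the left edge: remove this event before the next iteration.
            for counter, key in ((files, first.path), (shares, first.share)):
                counter[key] -= 1
                if counter[key] == 0:
                    del counter[key]
        if (best["files"] >= MIN_FILES and best["shares"] >= MIN_SHARES
                and is_after_hours(best["start"])):
            alerts.append({"user": user, **best, "tactic": "Collection", "technique": "T1119"})
    return alerts


def _iso(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")


def build_sample_log():
    """Constructed events (not real telemetry): one burst mirroring the alert, two benign users."""
    t0 = datetime(2026, 4, 11, 3, 20, tzinfo=timezone.utc)
    lines = []
    for i in range(847):   # 847 files over 12 shares in ~42 minutes, after hours
        share = f"\\\\fs01\\share{i % 12:02d}"
        lines.append(f"{_iso(t0 + timedelta(seconds=3 * i))},p.thomas,WS-PC-001,{share},{share}\\matter{i}.docx")
    for i in range(40):    # daytime, modest volume, two shares
        share = f"\\\\fs01\\share{i % 2:02d}"
        lines.append(f"{_iso(t0 + timedelta(hours=7, minutes=i))},j.doe,WS-PC-002,{share},{share}\\brief{i}.docx")
    for i in range(30):    # after hours but low volume on a single share
        lines.append(f"{_iso(t0 + timedelta(minutes=i))},a.khan,WS-PC-003,\\\\fs01\\share00,\\\\fs01\\share00\\note{i}.txt")
    return lines


if __name__ == "__main__":
    for a in detect_automated_collection(parse_log(build_sample_log())):
        print(f"{a['user']}@{a['host']}: {a['files']} files across {a['shares']} shares "
              f"{a['start']:%H:%M}Z-{a['end']:%H:%M}Z, {a['tactic']}/{a['technique']}")
```

Running the block yields a single alert for p.thomas on WS-PC-001 with 847 files and 12 shares; the two constructed benign users (daytime volume, and a low-volume after-hours user on one share) do not trigger, which is why the rule keeps both a volume and a breadth threshold rather than alerting on after-hours access alone.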

Investigation Timeline

04:07:30 Event ingested by SOC365 Engine
04:07:31 EmilyAI triage started — correlation enrichment
04:07:45 EmilyAI confidence: 95% — escalated to human analyst
04:07:53 Alert assigned to analyst: EmilyAI (auto)
04:08:48 Investigation started — querying SIEM and threat intelligence
04:11:35 Containment action taken — endpoint isolated
04:25:02 Alert resolved — remediation complete

Related Alerts

ID · Time · Alert · Severity · Status · Host
ALR-00089 · 5h ago · Credential Stuffing Attempt · Low · Open · WS-PC-001
ALR-00498 · 6h ago · Tor Exit Node Connection · High · Open · WS-PC-001
ALR-00458 · 7h ago · Privilege Escalation Attempt · Informational · Investigating · WS-PC-001
ALR-00487 · 7h ago · Unusual Outbound Traffic · Low · Investigating · WS-PC-001
ALR-00423 · 9h ago · Insider Threat Indicator · Informational · Investigating · SW-CORE-01