Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:44:20 UTC

Insider Threat Indicator

Medium Open
ALR-00189 · 2026-04-07T21:16:02Z

Description

Anomalous after-hours access by 'f.hall' on WS-LAP-011. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by EmilyAI Triage.

Alert Metadata

Alert ID: ALR-00189
Timestamp: 2026-04-07T21:16:02Z
Severity: Medium
Status: Open
Detection Source: EmilyAI Triage
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: WS-LAP-011
User Account: f.hall
Source IP: 45.157.148.233
Destination IP: 10.0.182.175
Origin Country: Germany (DE)

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

21:16:02 Event ingested by SOC365 Engine
21:16:07 EmilyAI triage started — correlation enrichment
21:16:08 EmilyAI confidence: 84% — escalated to human analyst
21:16:20 Alert assigned to analyst: Marcus Webb
21:17:27 Investigation started — querying SIEM and threat intelligence

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00307 | 37m ago | Failed MFA Challenge | Low | False Positive | WS-LAP-011 |
| ALR-00046 | 5h ago | Insider Threat Indicator | Informational | Open | FW-EDGE-01 |
| ALR-00117 | 12h ago | C2 Beacon Activity | Medium | Escalated | WS-LAP-011 |
| ALR-00437 | 18h ago | Malware Signature Match | Medium | Resolved | WS-LAP-011 |
| ALR-00363 | 1d ago | Insider Threat Indicator | Critical | Investigating | SRV-FILE-01 |