Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:05:35 UTC

Port Scan Detected

Low Open
ALR-00193 · 2026-05-26T03:51:43Z

Description

Sequential port scan (1-1024) detected targeting AP-WIFI-03 from external IP. Firewall identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00193
Timestamp: 2026-05-26T03:51:43Z
Severity: Low
Status: Open
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: AP-WIFI-03
User Account: d.walker
Source IP: 194.210.62.77
Destination IP: 10.2.237.29
Origin Country: China (CN)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

03:51:43 Event ingested by SOC365 Engine
03:51:46 EmilyAI triage started — correlation enrichment
03:51:55 EmilyAI confidence: 93% — escalated to human analyst
03:52:15 Alert assigned to analyst: EmilyAI (auto)
03:52:40 Investigation started — querying SIEM and threat intelligence

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00453 | 5h ago | Pass-the-Hash Detected | Low | False Positive | AP-WIFI-03 |
| ALR-00343 | 9h ago | Port Scan Detected | Medium | Resolved | SRV-DC-01 |
| ALR-00327 | 12h ago | Port Scan Detected | Low | Investigating | SRV-DC-01 |
| ALR-00172 | 16h ago | Privilege Escalation Attempt | Medium | Open | AP-WIFI-03 |
| ALR-00171 | 17h ago | Port Scan Detected | High | Escalated | SRV-DC-01 |