Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Port Scan Detected

High · Escalated
ALR-00196 · 2026-05-21T09:55:21Z

Description

Sequential port scan (1-1024) detected targeting WS-PC-006 from external IP. Dark Web Monitor identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00196
Timestamp: 2026-05-21T09:55:21Z
Severity: High
Status: Escalated
Detection Source: Dark Web Monitor
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: WS-PC-006
User Account: l.johnson
Source IP: 45.30.148.172
Destination IP: 10.3.55.39
Origin Country: Romania (RO)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

09:55:21 Event ingested by SOC365 Engine
09:55:22 EmilyAI triage started — correlation enrichment
09:55:36 EmilyAI confidence: 94% — escalated to human analyst
09:55:40 Alert assigned to analyst: Marcus Webb
09:57:11 Investigation started — querying SIEM and threat intelligence
10:03:35 Containment action taken — endpoint isolated
10:07:00 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00471 | 3h ago | Port Scan Detected | Low | False Positive | SRV-WEB-01
ALR-00077 | 13h ago | Certificate Anomaly | Low | Resolved | WS-PC-006
ALR-00412 | 15h ago | Port Scan Detected | Low | False Positive | VM-DEV-01
ALR-00334 | 1d ago | Ransomware Behaviour Detected | Informational | Investigating | WS-PC-006
ALR-00270 | 1d ago | Port Scan Detected | Low | Resolved | WS-LAP-011