Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:43:59 UTC

Port Scan Detected

Low Escalated
ALR-00206 · 2026-07-04T20:37:22Z

Description

Sequential port scan (1-1024) detected targeting SW-CORE-01 from external IP. Dark Web Monitor identified SYN scan pattern.

Alert Metadata

Alert ID
ALR-00206
Timestamp
2026-07-04T20:37:22Z
Severity
Low
Status
Escalated
Detection Source
Dark Web Monitor
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SW-CORE-01
User Account
f.hall
Source IP
103.103.216.253
Destination IP
10.0.171.17
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Reconnaissance
Technique
T1046
Reference
attack.mitre.org/techniques/T1046

Investigation Timeline

20:37:22 Event ingested by SOC365 Engine
20:37:27 EmilyAI triage started — correlation enrichment
20:37:37 EmilyAI confidence: 81% — escalated to human analyst
20:38:07 Alert assigned to analyst: EmilyAI (auto)
20:38:37 Investigation started — querying SIEM and threat intelligence
20:43:05 Containment action taken — endpoint isolated
20:56:25 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00080 1h ago Failed MFA Challenge Low Resolved SW-CORE-01
ALR-00202 2h ago Port Scan Detected Medium Resolved SRV-SQL-01
ALR-00148 6h ago Port Scan Detected High Investigating WS-LAP-010
ALR-00494 9h ago DLP Policy Violation Critical Investigating SW-CORE-01
ALR-00095 19h ago Port Scan Detected Medium Investigating SRV-WEB-01