Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:24:42 UTC

Port Scan Detected

Low · Resolved
ALR-00209 · 2026-04-08T03:14:15Z

Description

Sequential port scan (1-1024) detected targeting SRV-MAIL-01 from external IP. DLP Module identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00209
Timestamp: 2026-04-08T03:14:15Z
Severity: Low
Status: Resolved
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-MAIL-01
User Account: c.williams
Source IP: 185.193.220.129
Destination IP: 10.3.188.103
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

03:14:15 Event ingested by SOC365 Engine
03:14:19 EmilyAI triage started — correlation enrichment
03:14:21 EmilyAI confidence: 93% — escalated to human analyst
03:14:57 Alert assigned to analyst: EmilyAI (auto)
03:17:01 Investigation started — querying SIEM and threat intelligence
03:22:06 Containment action taken — endpoint isolated
03:34:04 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity       Status          Host
ALR-00388  2h ago   Port Scan Detected             Informational  Investigating   SW-CORE-01
ALR-00171  4h ago   Lateral Movement Detected      Medium         Open            SRV-MAIL-01
ALR-00316  9h ago   Lateral Movement Detected      High           Open            SRV-MAIL-01
ALR-00145  13h ago  DecoyPulse Honeypot Triggered  Critical       Investigating   SRV-MAIL-01
ALR-00389  16h ago  Malware Signature Match        Low            False Positive  SRV-MAIL-01