Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:04:50 UTC

Tor Exit Node Connection

Severity: Informational · Status: Escalated
ALR-00216 · 2026-05-23T06:23:09Z

Description

Connection from WS-PC-006 to known Tor exit node detected by Endpoint Agent. User 'm.taylor' was active at the time.

Alert Metadata

Alert ID: ALR-00216
Timestamp: 2026-05-23T06:23:09Z
Severity: Informational
Status: Escalated
Detection Source: Endpoint Agent
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-006
User Account: m.taylor
Source IP: 103.251.216.45
Destination IP: 10.2.59.195
Origin Country: Netherlands (NL)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

06:23:09 Event ingested by SOC365 Engine
06:23:14 EmilyAI triage started — correlation enrichment
06:23:14 EmilyAI confidence: 88% — escalated to human analyst
06:23:32 Alert assigned to analyst: EmilyAI (auto)
06:25:12 Investigation started — querying SIEM and threat intelligence
06:26:45 Containment action taken — endpoint isolated
06:41:27 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00280 | 37m ago | Tor Exit Node Connection | Low | Escalated | WS-PC-003
ALR-00315 | 3h ago | Tor Exit Node Connection | Informational | False Positive | WS-PC-004
ALR-00056 | 4h ago | Tor Exit Node Connection | Informational | Open | SRV-APP-01
ALR-00318 | 5h ago | Tor Exit Node Connection | Informational | Escalated | WS-PC-003
ALR-00037 | 8h ago | Tor Exit Node Connection | Medium | Investigating | SRV-APP-01