Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:49:58 UTC

Unauthorised USB Device

Medium Open
ALR-00218 · 2026-04-09T19:30:17Z

Description

Unauthorised USB mass storage device connected to FW-EDGE-01 by user 'e.evans'. Device blocked by Email Gateway endpoint policy.

Alert Metadata

Alert ID: ALR-00218
Timestamp: 2026-04-09T19:30:17Z
Severity: Medium
Status: Open
Detection Source: Email Gateway
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: FW-EDGE-01
User Account: e.evans
Source IP: 194.194.62.86
Destination IP: 10.0.140.157
Origin Country: France (FR)

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

19:30:17 Event ingested by SOC365 Engine
19:30:21 EmilyAI triage started — correlation enrichment
19:30:27 EmilyAI confidence: 96% — escalated to human analyst
19:30:37 Alert assigned to analyst: Marcus Webb
19:32:51 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                     Severity       Status     Host
ALR-00228  34m ago  Insider Threat Indicator  Medium         Open       FW-EDGE-01
ALR-00155  3h ago   Unauthorised USB Device   Medium         Resolved   WS-PC-004
ALR-00391  11h ago  Failed MFA Challenge      Informational  Resolved   FW-EDGE-01
ALR-00388  15h ago  DLP Policy Violation      Medium         Resolved   FW-EDGE-01
ALR-00200  18h ago  Unauthorised USB Device   Informational  Escalated  SRV-DC-01