Port Scan Detected
Informational
Escalated
ALR-00221 · 2026-04-06T00:24:40Z
Description
Sequential port scan (1-1024) detected targeting FW-EDGE-01 from external IP. Dark Web Monitor identified SYN scan pattern.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:24:40
Event ingested by SOC365 Engine
00:24:44
EmilyAI triage started — correlation enrichment
00:24:54
EmilyAI confidence: 94% — escalated to human analyst
00:25:13
Alert assigned to analyst: EmilyAI (auto)
00:25:46
Investigation started — querying SIEM and threat intelligence
00:31:47
Containment action taken — endpoint isolated
00:37:34
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00388 | 2h ago | Port Scan Detected | Informational | Investigating | SW-CORE-01 |
| ALR-00449 | 5h ago | Unauthorised USB Device | Medium | False Positive | FW-EDGE-01 |
| ALR-00158 | 10h ago | Suspicious Scheduled Task | Informational | Escalated | FW-EDGE-01 |
| ALR-00428 | 11h ago | C2 Beacon Activity | Medium | Open | FW-EDGE-01 |
| ALR-00376 | 16h ago | Port Scan Detected | Informational | Investigating | SW-CORE-01 |