Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:27:33 UTC

Unauthorised USB Device

High Open
ALR-00223 · 2026-04-07T09:56:31Z

Description

Unauthorised USB mass storage device connected to SRV-DC-01 by user 'm.taylor'. Device blocked by Email Gateway endpoint policy.

Alert Metadata

Alert ID: ALR-00223
Timestamp: 2026-04-07T09:56:31Z
Severity: High
Status: Open
Detection Source: Email Gateway
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-DC-01
User Account: m.taylor
Source IP: 45.210.148.93
Destination IP: 10.1.41.142
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

09:56:31 Event ingested by SOC365 Engine
09:56:36 EmilyAI triage started — correlation enrichment
09:56:37 EmilyAI confidence: 82% — escalated to human analyst
09:56:46 Alert assigned to analyst: Anika Patel
09:57:51 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00174 | 27m ago | Unauthorised USB Device | Low | Resolved | WS-PC-006
ALR-00275 | 3h ago | Unauthorised USB Device | Medium | Investigating | SRV-FILE-01
ALR-00137 | 6h ago | Unauthorised USB Device | Informational | Open | WS-PC-002
ALR-00205 | 7h ago | Privilege Escalation Attempt | High | Open | SRV-DC-01
ALR-00240 | 8h ago | Unauthorised USB Device | Low | False Positive | WS-MAC-005