Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 21:54:24 UTC

Phishing Email Blocked

Low Investigating
ALR-00227 · 2026-07-10T15:19:17Z

Description

Phishing email targeting 'd.walker@company.co.uk' blocked by EmilyAI Triage. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID
ALR-00227
Timestamp
2026-07-10T15:19:17Z
Severity
Low
Status
Investigating
Detection Source
EmilyAI Triage
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-MAIL-01
User Account
d.walker
Source IP
91.204.195.188
Destination IP
10.1.1.243
Origin Country
VN Vietnam

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1566.001
Reference
attack.mitre.org/techniques/T1566.001

Investigation Timeline

15:19:17 Event ingested by SOC365 Engine
15:19:18 EmilyAI triage started — correlation enrichment
15:19:27 EmilyAI confidence: 86% — escalated to human analyst
15:19:55 Alert assigned to analyst: EmilyAI (auto)
15:21:51 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00417 1m ago Phishing Email Blocked High Open FW-EDGE-01
ALR-00250 7h ago Port Scan Detected Low False Positive SRV-MAIL-01
ALR-00078 8h ago Unauthorised USB Device Low False Positive SRV-MAIL-01
ALR-00292 14h ago Phishing Email Blocked High Investigating SRV-APP-01
ALR-00311 16h ago Anomalous DNS Query Low Resolved SRV-MAIL-01