Port Scan Detected
Informational
False Positive
ALR-00231 · 2026-07-09T23:49:02Z
Description
Sequential port scan (1-1024) detected targeting SRV-BACKUP-01 from external IP. DecoyPulse identified SYN scan pattern.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:49:02
Event ingested by SOC365 Engine
23:49:05
EmilyAI triage started — correlation enrichment
23:49:12
EmilyAI confidence: 93% — escalated to human analyst
23:49:23
Alert assigned to analyst: EmilyAI (auto)
23:51:26
Investigation started — querying SIEM and threat intelligence
23:56:20
Containment action taken — endpoint isolated
00:04:32
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00474 | 24m ago | Port Scan Detected | Low | Resolved | WS-LAP-010 |
| ALR-00417 | 5h ago | Port Scan Detected | High | Open | FW-EDGE-01 |
| ALR-00192 | 6h ago | Port Scan Detected | High | Investigating | WS-PC-002 |
| ALR-00050 | 1d ago | Privilege Escalation Attempt | Informational | False Positive | SRV-BACKUP-01 |
| ALR-00189 | 1d ago | Port Scan Detected | Medium | Resolved | SRV-MAIL-01 |