Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 14:05:55 UTC

Insider Threat Indicator

Informational · False Positive
ALR-00232 · 2026-04-05T16:21:25Z

Description

Anomalous after-hours access by 's.jones' on WS-PC-003. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by DLP Module.
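The pattern the description names (one account reading many distinct files across many shares in a short window, which is what the T1119 mapping below refers to) is simple enough to express as a sliding-window rule. The following is an added example written for this page, not code from the SOC365 product or the demo: a small detector over constructed file-access events. The event fields, the thresholds (500 files, 10 shares, 45 minutes), the assumed business hours (Mon-Fri 08:00-18:00 UTC) and the sample users other than s.jones are all assumptions; the only facts taken from the page are the 847 files / 12 shares / 45 minutes figures, the host WS-PC-003 and the alert timestamp, which falls on a Sunday.

```python
# Added example, not part of the SOC365 demo page: a minimal detector for the
# pattern the alert describes (one user reading many files across many shares in
# a short window, ATT&CK T1119 Automated Collection). Field names, thresholds,
# business hours and the sample events are all assumptions.
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class FileAccess:
    ts: datetime    # event time, UTC
    user: str
    host: str
    share: str      # e.g. \\fs01\share03
    path: str       # path relative to the share


@dataclass
class BulkAccessAlert:
    user: str
    host: str
    window_start: datetime
    window_end: datetime
    files: int          # distinct (share, path) pairs in the window
    shares: int         # distinct shares in the window
    after_hours: bool   # any event in the window outside the assumed business hours


def is_after_hours(ts, start_hour=8, end_hour=18):
    """Assumed business window: Mon-Fri, 08:00-18:00 UTC. Anything else is after hours."""
    return ts.weekday() >= 5 or not (start_hour <= ts.hour < end_hour)


def detect_bulk_access(events, window=timedelta(minutes=45), min_files=500, min_shares=10):
    """Sliding-window detection per (user, host).

    An alert is created the first time a user touches at least `min_files` distinct
    files spread over at least `min_shares` shares within `window`, then widened to
    the largest window seen so the reported counts are the peak rather than the
    moment the threshold was crossed. Requiring both thresholds keeps a large read
    of a single share (a routine case-file export) from firing.
    """
    recent = {}   # (user, host) -> deque of events still inside the window
    alerts = {}   # (user, host) -> BulkAccessAlert
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.user, ev.host)
        q = recent.setdefault(key, deque())
        q.append(ev)
        while ev.ts - q[0].ts > window:       # drop events that fell out of the window
            q.popleft()
        files = {(e.share, e.path) for e in q}
        shares = {e.share for e in q}
        if len(files) < min_files or len(shares) < min_shares:
            continue
        existing = alerts.get(key)
        if existing is None:
            alerts[key] = BulkAccessAlert(ev.user, ev.host, q[0].ts, ev.ts, len(files),
                                          len(shares), any(is_after_hours(e.ts) for e in q))
        elif len(files) > existing.files:
            existing.window_start, existing.window_end = q[0].ts, ev.ts
            existing.files, existing.shares = len(files), len(shares)
            existing.after_hours = existing.after_hours or any(is_after_hours(e.ts) for e in q)
    return list(alerts.values())


def sample_events():
    """Constructed sample, not real telemetry.

    s.jones on WS-PC-003 reads 847 distinct files across 12 shares in the 45 minutes
    before the page's alert timestamp (2026-04-05T16:21:25Z, a Sunday). A second,
    assumed user exports 600 files from a single share on a weekday morning: over the
    file threshold but not the share threshold, so it must not fire.
    """
    alert_ts = datetime(2026, 4, 5, 16, 21, 25, tzinfo=timezone.utc)
    start = alert_ts - timedelta(minutes=45)
    events = [
        FileAccess(start + timedelta(seconds=3 * i), "s.jones", "WS-PC-003",
                   rf"\\fs01\share{i % 12:02d}", f"matter{i:04d}.docx")
        for i in range(847)
    ]
    monday = datetime(2026, 4, 6, 10, 0, tzinfo=timezone.utc)
    events += [
        FileAccess(monday + timedelta(seconds=2 * i), "a.patel", "WS-LAP-011",
                   r"\\fs01\share00", f"export{i:04d}.pdf")
        for i in range(600)
    ]
    return events


if __name__ == "__main__":
    for a in detect_bulk_access(sample_events()):
        print(f"{a.user}@{a.host}: {a.files} files / {a.shares} shares between "
              f"{a.window_start:%H:%M:%S} and {a.window_end:%H:%M:%S}, "
              f"after_hours={a.after_hours}")
```

Run as a script it reports a single alert for s.jones@WS-PC-003 with 847 files over 12 shares and after_hours=True; the 600-file single-share export does not appear. In production the same rule would read share-access audit events (for example Windows Security event 5145 or a file-server DLP feed) instead of the constructed list, and the thresholds would be tuned per role, since a litigation support user legitimately touches far more files than a receptionist.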

Alert Metadata

Alert ID
ALR-00232
Timestamp
2026-04-05T16:21:25Z
Severity
Informational
Status
False Positive
Detection Source
DLP Module
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-003
User Account
s.jones
Source IP
103.97.216.119
Destination IP
10.3.184.251
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Collection
Technique
T1119 (Automated Collection)
Reference
attack.mitre.org/techniques/T1119

Investigation Timeline

16:21:25 Event ingested by SOC365 Engine
16:21:28 EmilyAI triage started — correlation enrichment
16:21:31 EmilyAI confidence: 83% — escalated to human analyst
16:22:08 Alert assigned to analyst: EmilyAI (auto)
16:23:55 Investigation started — querying SIEM and threat intelligence
16:28:17 Containment action taken — endpoint isolated
16:38:03 Alert resolved — remediation complete

Related Alerts

ID · Time · Alert · Severity · Status · Host
ALR-00196 · 2h ago · Port Scan Detected · Medium · Resolved · WS-PC-003
ALR-00429 · 6h ago · Insider Threat Indicator · Informational · Open · WS-LAP-011
ALR-00366 · 6h ago · Insider Threat Indicator · Low · False Positive · AP-WIFI-03
ALR-00059 · 10h ago · Data Exfiltration Attempt · Low · Open · WS-PC-003
ALR-00210 · 13h ago · Suspicious Scheduled Task · Low · False Positive · WS-PC-003