Tor Exit Node Connection
Medium
Escalated
ALR-00233 · 2026-05-27T03:37:38Z
Description
Connection from SRV-MAIL-01 to known Tor exit node detected by EmilyAI Triage. User 'h.roberts' was active at the time.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
| Time | Event |
|---|---|
| 03:37:38 | Event ingested by SOC365 Engine |
| 03:37:39 | EmilyAI triage started — correlation enrichment |
| 03:37:52 | EmilyAI confidence: 78% — escalated to human analyst |
| 03:38:23 | Alert assigned to analyst: Sarah Chen |
| 03:39:52 | Investigation started — querying SIEM and threat intelligence |
| 03:46:43 | Containment action taken — endpoint isolated |
| 03:53:15 | Alert resolved — remediation complete |
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00053 | 13h ago | Tor Exit Node Connection | Informational | Investigating | SRV-SQL-01 |
| ALR-00003 | 17h ago | Tor Exit Node Connection | Low | False Positive | WS-LAP-012 |
| ALR-00066 | 20h ago | DLP Policy Violation | Medium | Resolved | SRV-MAIL-01 |
| ALR-00299 | 22h ago | Data Exfiltration Attempt | Low | Resolved | SRV-MAIL-01 |
| ALR-00324 | 1d ago | Suspicious PowerShell Execution | Informational | Resolved | SRV-MAIL-01 |