Insider Threat Indicator
Medium
False Positive
ALR-00234 · 2026-07-06T23:48:30Z
Description
Anomalous after-hours access by 'd.walker' on WS-PC-006. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Attack Surface Scanner.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:48:30
Event ingested by SOC365 Engine
23:48:35
EmilyAI triage started — correlation enrichment
23:48:36
EmilyAI confidence: 96% — escalated to human analyst
23:48:51
Alert assigned to analyst: Anika Patel
23:51:23
Investigation started — querying SIEM and threat intelligence
23:58:17
Containment action taken — endpoint isolated
00:04:20
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00057 | 5h ago | Insider Threat Indicator | Informational | Escalated | SRV-DC-01 |
| ALR-00061 | 16h ago | Phishing Email Blocked | High | Investigating | WS-PC-006 |
| ALR-00117 | 1d ago | Suspicious Scheduled Task | Low | Open | WS-PC-006 |
| ALR-00154 | 1d ago | Brute Force SSH | Medium | False Positive | WS-PC-006 |
| ALR-00068 | 1d ago | Kerberoasting Attempt | Low | Escalated | WS-PC-006 |