Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 17:08:56 UTC

Tor Exit Node Connection

Informational Escalated
ALR-00241 · 2026-05-26T06:08:55Z

Description

Connection from AP-WIFI-03 to known Tor exit node detected by SOC365 Engine. User 'j.smith' was active at the time.

Alert Metadata

Alert ID
ALR-00241
Timestamp
2026-05-26T06:08:55Z
Severity
Informational
Status
Escalated
Detection Source
SOC365 Engine
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
AP-WIFI-03
User Account
j.smith
Source IP
194.206.62.80
Destination IP
10.3.157.240
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1090.003
Reference
attack.mitre.org/techniques/T1090.003

Investigation Timeline

06:08:55 Event ingested by SOC365 Engine
06:08:57 EmilyAI triage started — correlation enrichment
06:09:08 EmilyAI confidence: 93% — escalated to human analyst
06:09:25 Alert assigned to analyst: EmilyAI (auto)
06:11:17 Investigation started — querying SIEM and threat intelligence
06:13:05 Containment action taken — endpoint isolated
06:21:36 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00037 3h ago Tor Exit Node Connection High Escalated WS-MAC-005
ALR-00178 6h ago Kerberoasting Attempt Medium False Positive AP-WIFI-03
ALR-00112 7h ago Tor Exit Node Connection Informational Resolved SRV-WEB-01
ALR-00013 11h ago Brute Force SSH Low Escalated AP-WIFI-03
ALR-00238 12h ago Suspicious Scheduled Task Low Resolved AP-WIFI-03