Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:08:02 UTC

Tor Exit Node Connection

Medium Resolved
ALR-00252 · 2026-05-26T14:22:17Z

Description

Connection from SRV-FILE-01 to known Tor exit node detected by Attack Surface Scanner. User 'r.davies' was active at the time.

Alert Metadata

Alert ID: ALR-00252
Timestamp: 2026-05-26T14:22:17Z
Severity: Medium
Status: Resolved
Detection Source: Attack Surface Scanner
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-FILE-01
User Account: r.davies
Source IP: 185.131.220.163
Destination IP: 10.2.34.150
Origin Country: Russia (RU)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

14:22:17 Event ingested by SOC365 Engine
14:22:22 EmilyAI triage started — correlation enrichment
14:22:25 EmilyAI confidence: 83% — escalated to human analyst
14:22:44 Alert assigned to analyst: Sarah Chen
14:24:09 Investigation started — querying SIEM and threat intelligence
14:31:46 Containment action taken — endpoint isolated
14:35:50 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00037 | 3h ago | Tor Exit Node Connection | High | Escalated | WS-MAC-005
ALR-00112 | 7h ago | Tor Exit Node Connection | Informational | Resolved | SRV-WEB-01
ALR-00295 | 10h ago | Unauthorised USB Device | Medium | False Positive | SRV-FILE-01
ALR-00022 | 12h ago | Failed MFA Challenge | Informational | Open | SRV-FILE-01
ALR-00100 | 13h ago | Rogue DHCP Server | Low | Investigating | SRV-FILE-01