Unauthorised USB Device
Medium
Open
ALR-00255 · 2026-07-09T11:43:35Z
Description
Unauthorised USB mass storage device connected to AP-WIFI-03 by user 'r.davies'. Device blocked by Cloud Connector endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:43:35
Event ingested by SOC365 Engine
11:43:37
EmilyAI triage started — correlation enrichment
11:43:45
EmilyAI confidence: 86% — escalated to human analyst
11:44:03
Alert assigned to analyst: James Okonkwo
11:45:32
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00294 | 27m ago | Brute Force SSH | Low | Open | AP-WIFI-03 |
| ALR-00364 | 1h ago | Unauthorised USB Device | Informational | Open | WS-PC-004 |
| ALR-00486 | 5h ago | Anomalous DNS Query | Low | False Positive | AP-WIFI-03 |
| ALR-00463 | 5h ago | DecoyPulse Honeypot Triggered | High | Open | AP-WIFI-03 |
| ALR-00155 | 11h ago | Certificate Anomaly | Medium | Resolved | AP-WIFI-03 |