Tor Exit Node Connection
Medium
False Positive
ALR-00259 · 2026-07-05T18:48:54Z
Description
Connection from SRV-DC-01 to known Tor exit node detected by SOC365 Engine. User 'k.brown' was active at the time.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
18:48:54
Event ingested by SOC365 Engine
18:48:56
EmilyAI triage started — correlation enrichment
18:49:08
EmilyAI confidence: 90% — escalated to human analyst
18:49:35
Alert assigned to analyst: Sarah Chen
18:51:13
Investigation started — querying SIEM and threat intelligence
18:57:01
Containment action taken — endpoint isolated
19:07:47
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00224 | 5m ago | Kerberoasting Attempt | Medium | Investigating | SRV-DC-01 |
| ALR-00050 | 1h ago | Suspicious Scheduled Task | High | Investigating | SRV-DC-01 |
| ALR-00367 | 5h ago | Certificate Anomaly | High | Escalated | SRV-DC-01 |
| ALR-00371 | 6h ago | Tor Exit Node Connection | Medium | Escalated | WS-LAP-010 |
| ALR-00202 | 10h ago | Tor Exit Node Connection | Medium | Escalated | SRV-BACKUP-01 |