Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:37:41 UTC

Tor Exit Node Connection

Medium False Positive
ALR-00259 · 2026-07-05T18:48:54Z

Description

Connection from SRV-DC-01 to known Tor exit node detected by SOC365 Engine. User 'k.brown' was active at the time.

Alert Metadata

Alert ID
ALR-00259
Timestamp
2026-07-05T18:48:54Z
Severity
Medium
Status
False Positive
Detection Source
SOC365 Engine
Assigned Analyst
Sarah Chen

Endpoint Information

Hostname
SRV-DC-01
User Account
k.brown
Source IP
194.25.62.35
Destination IP
10.1.46.206
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1090.003
Reference
attack.mitre.org/techniques/T1090.003

Investigation Timeline

18:48:54 Event ingested by SOC365 Engine
18:48:56 EmilyAI triage started — correlation enrichment
18:49:08 EmilyAI confidence: 90% — escalated to human analyst
18:49:35 Alert assigned to analyst: Sarah Chen
18:51:13 Investigation started — querying SIEM and threat intelligence
18:57:01 Containment action taken — endpoint isolated
19:07:47 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00224 5m ago Kerberoasting Attempt Medium Investigating SRV-DC-01
ALR-00050 1h ago Suspicious Scheduled Task High Investigating SRV-DC-01
ALR-00367 5h ago Certificate Anomaly High Escalated SRV-DC-01
ALR-00371 6h ago Tor Exit Node Connection Medium Escalated WS-LAP-010
ALR-00202 10h ago Tor Exit Node Connection Medium Escalated SRV-BACKUP-01