Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd · Live · 15:22:20 UTC

Tor Exit Node Connection

Low · False Positive
ALR-00265 · 2026-04-06T12:40:44Z

Description

Connection from WS-PC-006 to known Tor exit node detected by Network IDS. User 'e.evans' was active at the time.

Alert Metadata

Alert ID: ALR-00265
Timestamp: 2026-04-06T12:40:44Z
Severity: Low
Status: False Positive
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-006
User Account: e.evans
Source IP: 45.236.148.183
Destination IP: 10.0.10.199
Origin Country: China (CN)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

12:40:44 Event ingested by SOC365 Engine
12:40:45 EmilyAI triage started — correlation enrichment
12:40:59 EmilyAI confidence: 88% — escalated to human analyst
12:41:00 Alert assigned to analyst: EmilyAI (auto)
12:41:44 Investigation started — querying SIEM and threat intelligence
12:44:08 Containment action taken — endpoint isolated
12:56:29 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00483 | 6h ago | Tor Exit Node Connection | Low | Investigating | WS-LAP-011
ALR-00049 | 8h ago | Suspicious Scheduled Task | Medium | Escalated | WS-PC-006
ALR-00348 | 8h ago | Tor Exit Node Connection | Critical | Open | SRV-BACKUP-01
ALR-00044 | 20h ago | Data Exfiltration Attempt | Informational | Investigating | WS-PC-006
ALR-00029 | 1d ago | Tor Exit Node Connection | High | Open | WS-LAP-012