Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:27:33 UTC

Tor Exit Node Connection

Low Escalated
ALR-00266 · 2026-04-12T15:22:14Z

Description

Connection from SRV-APP-01 to known Tor exit node detected by Cloud Connector. User 'r.davies' was active at the time.

Alert Metadata

Alert ID: ALR-00266
Timestamp: 2026-04-12T15:22:14Z
Severity: Low
Status: Escalated
Detection Source: Cloud Connector
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-APP-01
User Account: r.davies
Source IP: 91.116.195.30
Destination IP: 10.0.7.189
Origin Country: Netherlands (NL)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

15:22:14 Event ingested by SOC365 Engine
15:22:15 EmilyAI triage started — correlation enrichment
15:22:21 EmilyAI confidence: 95% — escalated to human analyst
15:22:53 Alert assigned to analyst: EmilyAI (auto)
15:24:49 Investigation started — querying SIEM and threat intelligence
15:28:03 Containment action taken — endpoint isolated
15:41:07 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                         Severity       Status     Host
ALR-00367  2h ago   Tor Exit Node Connection      Medium         Open       WS-PC-002
ALR-00498  6h ago   Tor Exit Node Connection      High           Open       WS-PC-001
ALR-00107  10h ago  Tor Exit Node Connection      Low            Escalated  SW-CORE-01
ALR-00298  14h ago  Tor Exit Node Connection      Informational  Open       WS-PC-004
ALR-00362  20h ago  Privilege Escalation Attempt  Informational  Escalated  SRV-APP-01