Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:44:06 UTC

Tor Exit Node Connection

Medium False Positive
ALR-00272 · 2026-07-07T21:41:56Z

Description

Connection from SRV-MAIL-01 to known Tor exit node detected by EmilyAI Triage. User 'e.evans' was active at the time.

Alert Metadata

Alert ID
ALR-00272
Timestamp
2026-07-07T21:41:56Z
Severity
Medium
Status
False Positive
Detection Source
EmilyAI Triage
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SRV-MAIL-01
User Account
e.evans
Source IP
194.10.62.191
Destination IP
10.3.133.192
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1090.003
Reference
attack.mitre.org/techniques/T1090.003

Investigation Timeline

21:41:56 Event ingested by SOC365 Engine
21:42:00 EmilyAI triage started — correlation enrichment
21:42:08 EmilyAI confidence: 92% — escalated to human analyst
21:42:27 Alert assigned to analyst: Marcus Webb
21:42:50 Investigation started — querying SIEM and threat intelligence
21:45:22 Containment action taken — endpoint isolated
21:53:06 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00297 45m ago Tor Exit Node Connection Low Investigating SRV-BACKUP-01
ALR-00289 6h ago Tor Exit Node Connection High Investigating WS-MAC-005
ALR-00274 18h ago Privilege Escalation Attempt Low Open SRV-MAIL-01
ALR-00321 21h ago Tor Exit Node Connection Informational Investigating SRV-FILE-01
ALR-00081 1d ago Brute Force SSH Low Investigating SRV-MAIL-01