Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:45:52 UTC

Insider Threat Indicator

High Open
ALR-00279 · 2026-07-10T22:45:39Z

Description

Anomalous after-hours access by 'n.clark' on SRV-BACKUP-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Cloud Connector.

Alert Metadata

Alert ID
ALR-00279
Timestamp
2026-07-10T22:45:39Z
Severity
High
Status
Open
Detection Source
Cloud Connector
Assigned Analyst
Sarah Chen

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
n.clark
Source IP
45.230.148.204
Destination IP
10.3.166.28
Origin Country
NG Nigeria

MITRE ATT&CK Mapping

Tactic
Collection
Technique
T1119
Reference
attack.mitre.org/techniques/T1119

Investigation Timeline

22:45:39 Event ingested by SOC365 Engine
22:45:43 EmilyAI triage started — correlation enrichment
22:45:44 EmilyAI confidence: 97% — escalated to human analyst
22:46:00 Alert assigned to analyst: Sarah Chen
22:48:07 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00216 1h ago Certificate Anomaly Medium False Positive SRV-BACKUP-01
ALR-00353 2h ago Port Scan Detected Low Escalated SRV-BACKUP-01
ALR-00174 5h ago Insider Threat Indicator Informational Escalated AP-WIFI-03
ALR-00429 5h ago Pass-the-Hash Detected Medium False Positive SRV-BACKUP-01
ALR-00001 10h ago Malware Signature Match Low False Positive SRV-BACKUP-01