Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 21:58:03 UTC

Tor Exit Node Connection

Low False Positive
ALR-00281 · 2026-07-10T17:30:24Z

Description

Connection from SRV-FILE-01 to known Tor exit node detected by Cloud Connector. User 'd.walker' was active at the time.

Alert Metadata

Alert ID
ALR-00281
Timestamp
2026-07-10T17:30:24Z
Severity
Low
Status
False Positive
Detection Source
Cloud Connector
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-FILE-01
User Account
d.walker
Source IP
103.178.216.22
Destination IP
10.2.158.149
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1090.003
Reference
attack.mitre.org/techniques/T1090.003

Investigation Timeline

17:30:24 Event ingested by SOC365 Engine
17:30:28 EmilyAI triage started — correlation enrichment
17:30:39 EmilyAI confidence: 86% — escalated to human analyst
17:30:59 Alert assigned to analyst: EmilyAI (auto)
17:31:38 Investigation started — querying SIEM and threat intelligence
17:40:16 Containment action taken — endpoint isolated
17:47:21 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00168 1h ago Certificate Anomaly Medium False Positive SRV-FILE-01
ALR-00089 1h ago Tor Exit Node Connection Low False Positive WS-LAP-012
ALR-00324 11h ago Tor Exit Node Connection Medium Resolved WS-LAP-012
ALR-00106 16h ago Insider Threat Indicator Medium Open SRV-FILE-01
ALR-00082 19h ago Insider Threat Indicator Low Resolved SRV-FILE-01