Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:21:32 UTC

Port Scan Detected

Medium Open
ALR-00281 · 2026-04-07T15:59:12Z

Description

Sequential port scan (1-1024) detected targeting SRV-BACKUP-01 from external IP. Endpoint Agent identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00281
Timestamp: 2026-04-07T15:59:12Z
Severity: Medium
Status: Open
Detection Source: Endpoint Agent
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: n.clark
Source IP: 45.66.148.162
Destination IP: 10.3.70.156
Origin Country: KP (North Korea)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

15:59:12 Event ingested by SOC365 Engine
15:59:17 EmilyAI triage started — correlation enrichment
15:59:17 EmilyAI confidence: 90% — escalated to human analyst
15:59:40 Alert assigned to analyst: James Okonkwo
16:02:12 Investigation started — querying SIEM and threat intelligence

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
| ALR-00168 | 15m ago | Port Scan Detected | Medium | False Positive | WS-MAC-005 |
| ALR-00290 | 48m ago | Port Scan Detected | Informational | Resolved | SRV-APP-01 |
| ALR-00420 | 7h ago | Port Scan Detected | Informational | Investigating | WS-PC-002 |
| ALR-00102 | 9h ago | Port Scan Detected | Medium | False Positive | SRV-BACKUP-01 |
| ALR-00436 | 15h ago | Phishing Email Blocked | Informational | False Positive | SRV-BACKUP-01 |