Tor Exit Node Connection
Low
False Positive
ALR-00281 · 2026-07-10T17:30:24Z
Description
Connection from SRV-FILE-01 to known Tor exit node detected by Cloud Connector. User 'd.walker' was active at the time.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
17:30:24
Event ingested by SOC365 Engine
17:30:28
EmilyAI triage started — correlation enrichment
17:30:39
EmilyAI confidence: 86% — escalated to human analyst
17:30:59
Alert assigned to analyst: EmilyAI (auto)
17:31:38
Investigation started — querying SIEM and threat intelligence
17:40:16
Containment action taken — endpoint isolated
17:47:21
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00168 | 1h ago | Certificate Anomaly | Medium | False Positive | SRV-FILE-01 |
| ALR-00089 | 1h ago | Tor Exit Node Connection | Low | False Positive | WS-LAP-012 |
| ALR-00324 | 11h ago | Tor Exit Node Connection | Medium | Resolved | WS-LAP-012 |
| ALR-00106 | 16h ago | Insider Threat Indicator | Medium | Open | SRV-FILE-01 |
| ALR-00082 | 19h ago | Insider Threat Indicator | Low | Resolved | SRV-FILE-01 |