Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:22:19 UTC

Unauthorised USB Device

Informational Escalated
ALR-00291 · 2026-05-20T22:26:27Z

Description

Unauthorised USB mass storage device connected to SRV-FILE-01 by user 'k.brown'. Device blocked by EmilyAI Triage endpoint policy.

Alert Metadata

Alert ID: ALR-00291
Timestamp: 2026-05-20T22:26:27Z
Severity: Informational
Status: Escalated
Detection Source: EmilyAI Triage
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-FILE-01
User Account: k.brown
Source IP: 91.230.195.119
Destination IP: 10.3.22.67
Origin Country: Romania (RO)

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

22:26:27 Event ingested by SOC365 Engine
22:26:28 EmilyAI triage started — correlation enrichment
22:26:33 EmilyAI confidence: 98% — escalated to human analyst
22:26:42 Alert assigned to analyst: EmilyAI (auto)
22:27:41 Investigation started — querying SIEM and threat intelligence
22:31:44 Containment action taken — endpoint isolated
22:41:15 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00190 | 1h ago | Unauthorised USB Device | Medium | Open | SRV-DC-01
ALR-00207 | 8h ago | Pass-the-Hash Detected | High | Escalated | SRV-FILE-01
ALR-00188 | 18h ago | Unauthorised USB Device | Medium | False Positive | WS-LAP-010
ALR-00298 | 23h ago | Lateral Movement Detected | Informational | Resolved | SRV-FILE-01
ALR-00410 | 1d ago | Unauthorised USB Device | High | Investigating | WS-LAP-010