Insider Threat Indicator
Medium
Resolved
ALR-00295 · 2026-07-10T11:39:17Z
Description
Anomalous after-hours access by 'h.roberts' on SRV-WEB-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Endpoint Agent.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:39:17
Event ingested by SOC365 Engine
11:39:20
EmilyAI triage started — correlation enrichment
11:39:32
EmilyAI confidence: 78% — escalated to human analyst
11:39:49
Alert assigned to analyst: James Okonkwo
11:41:06
Investigation started — querying SIEM and threat intelligence
11:47:44
Containment action taken — endpoint isolated
11:56:10
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00054 | 1h ago | Phishing Email Blocked | Medium | False Positive | SRV-WEB-01 |
| ALR-00492 | 2h ago | Tor Exit Node Connection | Low | False Positive | SRV-WEB-01 |
| ALR-00085 | 7h ago | Insider Threat Indicator | Informational | False Positive | WS-PC-006 |
| ALR-00441 | 9h ago | Data Exfiltration Attempt | Low | Resolved | SRV-WEB-01 |
| ALR-00092 | 17h ago | Insider Threat Indicator | Informational | Resolved | WS-LAP-011 |