Unauthorised USB Device
Medium
Resolved
ALR-00297 · 2026-07-11T13:36:26Z
Description
Unauthorised USB mass storage device connected to AP-WIFI-03 by user 's.jones'. Device blocked by Endpoint Agent endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:36:26
Event ingested by SOC365 Engine
13:36:27
EmilyAI triage started — correlation enrichment
13:36:32
EmilyAI confidence: 96% — escalated to human analyst
13:36:53
Alert assigned to analyst: James Okonkwo
13:39:14
Investigation started — querying SIEM and threat intelligence
13:41:38
Containment action taken — endpoint isolated
13:47:44
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00095 | 24m ago | Malware Signature Match | Informational | Open | AP-WIFI-03 |
| ALR-00305 | 5h ago | Brute Force SSH | Low | Resolved | AP-WIFI-03 |
| ALR-00495 | 6h ago | C2 Beacon Activity | Medium | Open | AP-WIFI-03 |
| ALR-00382 | 7h ago | Pass-the-Hash Detected | Low | Escalated | AP-WIFI-03 |
| ALR-00005 | 10h ago | Malware Signature Match | Medium | Open | AP-WIFI-03 |