Insider Threat Indicator
Low
Resolved
ALR-00302 · 2026-07-07T16:12:44Z
Description
Anomalous after-hours access by 'm.taylor' on WS-PC-002. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by DLP Module.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:12:44
Event ingested by SOC365 Engine
16:12:45
EmilyAI triage started — correlation enrichment
16:12:50
EmilyAI confidence: 84% — escalated to human analyst
16:13:00
Alert assigned to analyst: EmilyAI (auto)
16:13:45
Investigation started — querying SIEM and threat intelligence
16:16:56
Containment action taken — endpoint isolated
16:31:46
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00262 | 2m ago | Insider Threat Indicator | Low | Investigating | WS-PC-006 |
| ALR-00438 | 2h ago | Insider Threat Indicator | Medium | False Positive | AP-WIFI-03 |
| ALR-00297 | 8h ago | Insider Threat Indicator | Informational | Escalated | SRV-FILE-01 |
| ALR-00256 | 14h ago | DecoyPulse Honeypot Triggered | Informational | False Positive | WS-PC-002 |
| ALR-00005 | 14h ago | DecoyPulse Honeypot Triggered | Medium | False Positive | WS-PC-002 |