Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Unauthorised USB Device

Informational Resolved
ALR-00304 · 2026-04-08T02:16:17Z

Description

Unauthorised USB mass storage device connected to SRV-DC-01 by user 'm.taylor'. Device blocked by Attack Surface Scanner endpoint policy.

Alert Metadata

Alert ID: ALR-00304
Timestamp: 2026-04-08T02:16:17Z
Severity: Informational
Status: Resolved
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-DC-01
User Account: m.taylor
Source IP: 91.224.195.86
Destination IP: 10.0.85.135
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

02:16:17 Event ingested by SOC365 Engine
02:16:21 EmilyAI triage started — correlation enrichment
02:16:25 EmilyAI confidence: 89% — escalated to human analyst
02:16:56 Alert assigned to analyst: EmilyAI (auto)
02:17:24 Investigation started — querying SIEM and threat intelligence
02:23:02 Containment action taken — endpoint isolated
02:26:56 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00342 | 14m ago | Certificate Anomaly | Informational | Investigating | SRV-DC-01
ALR-00455 | 9h ago | Failed MFA Challenge | Medium | Open | SRV-DC-01
ALR-00499 | 17h ago | Phishing Email Blocked | Informational | False Positive | SRV-DC-01
ALR-00449 | 1d ago | Kerberoasting Attempt | Low | Open | SRV-DC-01
ALR-00032 | 1d ago | Kerberoasting Attempt | High | Open | SRV-DC-01