Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:04:10 UTC

Insider Threat Indicator

Low Investigating
ALR-00305 · 2026-05-22T13:44:08Z

Description

Anomalous after-hours access by 'a.wilson' on WS-MAC-005. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Email Gateway.

Alert Metadata

Alert ID: ALR-00305
Timestamp: 2026-05-22T13:44:08Z
Severity: Low
Status: Investigating
Detection Source: Email Gateway
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-MAC-005
User Account: a.wilson
Source IP: 194.162.62.82
Destination IP: 10.3.44.173
Origin Country: France (FR)

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

13:44:08 Event ingested by SOC365 Engine
13:44:11 EmilyAI triage started — correlation enrichment
13:44:15 EmilyAI confidence: 89% — escalated to human analyst
13:44:31 Alert assigned to analyst: EmilyAI (auto)
13:45:51 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00422 | 7h ago | Insider Threat Indicator | High | Escalated | WS-LAP-011
ALR-00103 | 9h ago | Insider Threat Indicator | Low | Investigating | SRV-MAIL-01
ALR-00303 | 9h ago | Suspicious PowerShell Execution | Informational | Resolved | WS-MAC-005
ALR-00412 | 12h ago | DecoyPulse Honeypot Triggered | Medium | Investigating | WS-MAC-005
ALR-00076 | 13h ago | Ransomware Behaviour Detected | Medium | Investigating | WS-MAC-005