Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 21:33:36 UTC

Unauthorised USB Device

Low Resolved
ALR-00312 · 2026-05-26T18:00:12Z

Description

Unauthorised USB mass storage device connected to WS-PC-004 by user 'a.wilson'. Device blocked by DecoyPulse endpoint policy.

Alert Metadata

Alert ID: ALR-00312
Timestamp: 2026-05-26T18:00:12Z
Severity: Low
Status: Resolved
Detection Source: DecoyPulse
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-004
User Account: a.wilson
Source IP: 103.226.216.115
Destination IP: 10.2.159.84
Origin Country: DE Germany

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

18:00:12 Event ingested by SOC365 Engine
18:00:16 EmilyAI triage started — correlation enrichment
18:00:26 EmilyAI confidence: 86% — escalated to human analyst
18:00:46 Alert assigned to analyst: EmilyAI (auto)
18:02:06 Investigation started — querying SIEM and threat intelligence
18:05:36 Containment action taken — endpoint isolated
18:12:42 Alert resolved — remediation complete

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00498 | 6h ago | Unauthorised USB Device | Medium | Resolved | WS-MAC-005 |
| ALR-00282 | 8h ago | DLP Policy Violation | Informational | Escalated | WS-PC-004 |
| ALR-00471 | 16h ago | Unauthorised USB Device | Medium | False Positive | FW-EDGE-01 |
| ALR-00300 | 18h ago | Unauthorised USB Device | Low | Resolved | SRV-WEB-01 |
| ALR-00106 | 22h ago | Unauthorised USB Device | Low | Escalated | SRV-BACKUP-01 |