Unauthorised USB Device
Low
Resolved
ALR-00318 · 2026-07-06T07:47:31Z
Description
Unauthorised USB mass storage device connected to SRV-FILE-01 by user 'system'. Device blocked by Endpoint Agent endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
07:47:31
Event ingested by SOC365 Engine
07:47:33
EmilyAI triage started — correlation enrichment
07:47:43
EmilyAI confidence: 98% — escalated to human analyst
07:47:53
Alert assigned to analyst: EmilyAI (auto)
07:48:16
Investigation started — querying SIEM and threat intelligence
07:56:12
Containment action taken — endpoint isolated
08:04:15
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00230 | 2h ago | Unauthorised USB Device | Medium | Open | SRV-APP-01 |
| ALR-00371 | 11h ago | Unauthorised USB Device | Low | Open | WS-LAP-011 |
| ALR-00340 | 15h ago | Unauthorised USB Device | Critical | Investigating | SW-CORE-01 |
| ALR-00370 | 1d ago | Unauthorised USB Device | High | Open | VM-DEV-01 |
| ALR-00432 | 1d ago | Unauthorised USB Device | Medium | Escalated | WS-PC-003 |