Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Port Scan Detected

Severity: Informational · Status: False Positive
ALR-00319 · 2026-04-06T01:25:45Z

Description

Sequential port scan (ports 1-1024) detected targeting SW-CORE-01 from an external IP. The Endpoint Agent identified a SYN scan pattern.

Alert Metadata

Alert ID: ALR-00319
Timestamp: 2026-04-06T01:25:45Z
Severity: Informational
Status: False Positive
Detection Source: Endpoint Agent
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SW-CORE-01
User Account: l.johnson
Source IP: 91.190.195.143
Destination IP: 10.0.163.134
Origin Country: KP North Korea

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

01:25:45 Event ingested by SOC365 Engine
01:25:49 EmilyAI triage started — correlation enrichment
01:25:54 EmilyAI confidence: 78% — escalated to human analyst
01:26:16 Alert assigned to analyst: EmilyAI (auto)
01:27:34 Investigation started — querying SIEM and threat intelligence
01:28:50 Containment action taken — endpoint isolated
01:38:54 Alert resolved — remediation complete

Related Alerts

ID · Time · Alert · Severity · Status · Host
ALR-00363 · 2h ago · Port Scan Detected · Critical · Open · SRV-DC-01
ALR-00324 · 4h ago · Port Scan Detected · High · Open · WS-LAP-010
ALR-00272 · 8h ago · Port Scan Detected · Medium · False Positive · WS-PC-004
ALR-00430 · 11h ago · Port Scan Detected · Informational · Investigating · AP-WIFI-03
ALR-00115 · 15h ago · Lateral Movement Detected · Low · False Positive · SW-CORE-01