Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 16:53:28 UTC

Tor Exit Node Connection

Medium Investigating
ALR-00325 · 2026-04-09T07:21:57Z

Description

Connection from WS-PC-002 to known Tor exit node detected by Attack Surface Scanner. User 'system' was active at the time.

Alert Metadata

Alert ID: ALR-00325
Timestamp: 2026-04-09T07:21:57Z
Severity: Medium
Status: Investigating
Detection Source: Attack Surface Scanner
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: WS-PC-002
User Account: system
Source IP: 91.33.195.43
Destination IP: 10.1.157.240
Origin Country: GB United Kingdom

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

07:21:57 Event ingested by SOC365 Engine
07:22:00 EmilyAI triage started — correlation enrichment
07:22:10 EmilyAI confidence: 88% — escalated to human analyst
07:22:28 Alert assigned to analyst: Marcus Webb
07:23:04 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID        | Time    | Alert                    | Severity      | Status         | Host
ALR-00449 | 48m ago | Tor Exit Node Connection | Low           | Escalated      | WS-LAP-012
ALR-00084 | 12h ago | Brute Force SSH          | Medium        | Open           | WS-PC-002
ALR-00181 | 13h ago | DLP Policy Violation     | Medium        | False Positive | WS-PC-002
ALR-00311 | 15h ago | Kerberoasting Attempt    | High          | Escalated      | WS-PC-002
ALR-00276 | 16h ago | Unauthorised USB Device  | Informational | False Positive | WS-PC-002