Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:02:23 UTC

Unauthorised USB Device

Medium False Positive
ALR-00325 · 2026-05-24T00:37:34Z

Description

Unauthorised USB mass storage device connected to WS-MAC-005 by user 'm.taylor'. Device blocked by Firewall endpoint policy.

Alert Metadata

Alert ID
ALR-00325
Timestamp
2026-05-24T00:37:34Z
Severity
Medium
Status
False Positive
Detection Source
Firewall
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
WS-MAC-005
User Account
m.taylor
Source IP
91.147.195.43
Destination IP
10.3.188.196
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1091
Reference
attack.mitre.org/techniques/T1091

Investigation Timeline

00:37:34 Event ingested by SOC365 Engine
00:37:37 EmilyAI triage started — correlation enrichment
00:37:39 EmilyAI confidence: 85% — escalated to human analyst
00:38:12 Alert assigned to analyst: James Okonkwo
00:40:18 Investigation started — querying SIEM and threat intelligence
00:42:45 Containment action taken — endpoint isolated
00:52:04 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00153 34m ago Unauthorised USB Device Informational Investigating WS-PC-003
ALR-00413 1h ago Unauthorised USB Device Medium Resolved WS-PC-001
ALR-00474 3h ago Unauthorised USB Device Informational Escalated SRV-DC-01
ALR-00309 6h ago Unauthorised USB Device High Escalated SRV-BACKUP-01
ALR-00079 15h ago Unauthorised USB Device Low Investigating SRV-APP-01