Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Port Scan Detected

Medium Escalated
ALR-00331 · 2026-04-06T03:01:53Z

Description

Sequential port scan (1-1024) detected targeting SRV-WEB-01 from external IP. Email Gateway identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00331
Timestamp: 2026-04-06T03:01:53Z
Severity: Medium
Status: Escalated
Detection Source: Email Gateway
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-WEB-01
User Account: m.taylor
Source IP: 45.158.148.221
Destination IP: 10.1.113.129
Origin Country: Ukraine (UA)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

03:01:53 Event ingested by SOC365 Engine
03:01:54 EmilyAI triage started — correlation enrichment
03:02:03 EmilyAI confidence: 90% — escalated to human analyst
03:02:21 Alert assigned to analyst: Sarah Chen
03:03:26 Investigation started — querying SIEM and threat intelligence
03:11:47 Containment action taken — endpoint isolated
03:14:02 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity  Status         Host
ALR-00316  11h ago  Port Scan Detected             Low       Resolved       WS-PC-001
ALR-00450  14h ago  DecoyPulse Honeypot Triggered  Medium    Open           SRV-WEB-01
ALR-00123  19h ago  Phishing Email Blocked         Medium    Open           SRV-WEB-01
ALR-00004  21h ago  Port Scan Detected             Medium    Resolved       WS-PC-001
ALR-00291  22h ago  Port Scan Detected             Medium    Investigating  VM-DEV-01