Interactive Demo (simulated data only)
SOC365 Dashboard
Acme Legal Services Ltd

Tor Exit Node Connection

Low · False Positive
ALR-00333 · 2026-04-12T07:17:39Z

Description

Connection from WS-PC-006 to known Tor exit node detected by Firewall. User 'h.roberts' was active at the time.

Alert Metadata

Alert ID: ALR-00333
Timestamp: 2026-04-12T07:17:39Z
Severity: Low
Status: False Positive
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-006
User Account: h.roberts
Source IP: 185.169.220.207
Destination IP: 10.0.138.19
Origin Country: India (IN)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

07:17:39 Event ingested by SOC365 Engine
07:17:44 EmilyAI triage started — correlation enrichment
07:17:50 EmilyAI confidence: 82% — escalated to human analyst
07:18:03 Alert assigned to analyst: EmilyAI (auto)
07:19:31 Investigation started — querying SIEM and threat intelligence
07:26:11 Containment action taken — endpoint isolated
07:35:02 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00089 | 4h ago | Tor Exit Node Connection | Informational | Resolved | WS-PC-001
ALR-00173 | 14h ago | Insider Threat Indicator | Informational | Escalated | WS-PC-006
ALR-00167 | 15h ago | Tor Exit Node Connection | Low | Open | FW-EDGE-01
ALR-00285 | 17h ago | Tor Exit Node Connection | High | Escalated | WS-PC-004
ALR-00083 | 18h ago | Suspicious PowerShell Execution | Low | Escalated | WS-PC-006