Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 23:01:25 UTC

Port Scan Detected

Medium Resolved
ALR-00348 · 2026-07-05T01:12:39Z

Description

Sequential port scan (1-1024) detected targeting SRV-WEB-01 from external IP. DLP Module identified SYN scan pattern.

Alert Metadata

Alert ID
ALR-00348
Timestamp
2026-07-05T01:12:39Z
Severity
Medium
Status
Resolved
Detection Source
DLP Module
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
SRV-WEB-01
User Account
h.roberts
Source IP
45.29.148.86
Destination IP
10.0.208.238
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Reconnaissance
Technique
T1046
Reference
attack.mitre.org/techniques/T1046

Investigation Timeline

01:12:39 Event ingested by SOC365 Engine
01:12:40 EmilyAI triage started — correlation enrichment
01:12:54 EmilyAI confidence: 84% — escalated to human analyst
01:13:11 Alert assigned to analyst: James Okonkwo
01:13:52 Investigation started — querying SIEM and threat intelligence
01:21:26 Containment action taken — endpoint isolated
01:29:34 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00186 6m ago Tor Exit Node Connection Informational Resolved SRV-WEB-01
ALR-00118 33m ago Port Scan Detected Informational Investigating SRV-APP-01
ALR-00296 16h ago Port Scan Detected Low False Positive SRV-BACKUP-01
ALR-00278 16h ago Failed MFA Challenge Medium Escalated SRV-WEB-01
ALR-00294 17h ago Port Scan Detected Medium False Positive WS-LAP-012