Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:02:23 UTC

Insider Threat Indicator

Severity: High · Status: Investigating
ALR-00356 · 2026-05-25T14:23:08Z

Description

Anomalous after-hours access by 'n.clark' on SRV-SQL-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Dark Web Monitor.

Alert Metadata

Alert ID: ALR-00356
Timestamp: 2026-05-25T14:23:08Z
Severity: High
Status: Investigating
Detection Source: Dark Web Monitor
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-SQL-01
User Account: n.clark
Source IP: 91.203.195.42
Destination IP: 10.1.242.6
Origin Country: CN (China)

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

14:23:08 Event ingested by SOC365 Engine
14:23:11 EmilyAI triage started — correlation enrichment
14:23:13 EmilyAI confidence: 87% — escalated to human analyst
14:23:52 Alert assigned to analyst: Anika Patel
14:24:50 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID        | Time    | Alert                          | Severity | Status        | Host
ALR-00485 | 53m ago | Credential Stuffing Attempt    | Medium   | Open          | SRV-SQL-01
ALR-00184 | 3h ago  | Insider Threat Indicator       | High     | Investigating | WS-LAP-010
ALR-00423 | 4h ago  | Kerberoasting Attempt          | Medium   | Investigating | SRV-SQL-01
ALR-00148 | 5h ago  | Ransomware Behaviour Detected  | Low      | Investigating | SRV-SQL-01
ALR-00400 | 5h ago  | Malware Signature Match        | Medium   | Resolved      | SRV-SQL-01