Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:45:19 UTC

Unauthorised USB Device

Medium Investigating
ALR-00366 · 2026-07-07T18:11:19Z

Description

Unauthorised USB mass storage device connected to WS-LAP-011 by user 'a.wilson'. Device blocked by Dark Web Monitor endpoint policy.

Alert Metadata

Alert ID
ALR-00366
Timestamp
2026-07-07T18:11:19Z
Severity
Medium
Status
Investigating
Detection Source
Dark Web Monitor
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
WS-LAP-011
User Account
a.wilson
Source IP
194.198.62.114
Destination IP
10.0.91.42
Origin Country
VN Vietnam

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1091
Reference
attack.mitre.org/techniques/T1091

Investigation Timeline

18:11:19 Event ingested by SOC365 Engine
18:11:20 EmilyAI triage started — correlation enrichment
18:11:33 EmilyAI confidence: 80% — escalated to human analyst
18:11:51 Alert assigned to analyst: Marcus Webb
18:12:28 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00220 8m ago Unauthorised USB Device Low Open WS-PC-003
ALR-00141 4h ago Suspicious Scheduled Task High Investigating WS-LAP-011
ALR-00428 16h ago Unauthorised USB Device Low False Positive SRV-SQL-01
ALR-00092 17h ago Insider Threat Indicator Informational Resolved WS-LAP-011
ALR-00473 20h ago Unauthorised USB Device Critical Escalated SRV-WEB-01