Unauthorised USB Device
Medium
Investigating
ALR-00366 · 2026-07-07T18:11:19Z
Description
Unauthorised USB mass storage device connected to WS-LAP-011 by user 'a.wilson'. Device blocked by Dark Web Monitor endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
18:11:19
Event ingested by SOC365 Engine
18:11:20
EmilyAI triage started — correlation enrichment
18:11:33
EmilyAI confidence: 80% — escalated to human analyst
18:11:51
Alert assigned to analyst: Marcus Webb
18:12:28
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00220 | 8m ago | Unauthorised USB Device | Low | Open | WS-PC-003 |
| ALR-00141 | 4h ago | Suspicious Scheduled Task | High | Investigating | WS-LAP-011 |
| ALR-00428 | 16h ago | Unauthorised USB Device | Low | False Positive | SRV-SQL-01 |
| ALR-00092 | 17h ago | Insider Threat Indicator | Informational | Resolved | WS-LAP-011 |
| ALR-00473 | 20h ago | Unauthorised USB Device | Critical | Escalated | SRV-WEB-01 |