Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:46:20 UTC

Phishing Email Blocked

Informational Escalated
ALR-00369 · 2026-07-05T10:51:41Z

Description

Phishing email targeting 'e.evans@company.co.uk' blocked by Email Gateway. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID
ALR-00369
Timestamp
2026-07-05T10:51:41Z
Severity
Informational
Status
Escalated
Detection Source
Email Gateway
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-DC-01
User Account
e.evans
Source IP
185.70.220.133
Destination IP
10.0.106.53
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1566.001
Reference
attack.mitre.org/techniques/T1566.001

Investigation Timeline

10:51:41 Event ingested by SOC365 Engine
10:51:43 EmilyAI triage started — correlation enrichment
10:51:55 EmilyAI confidence: 96% — escalated to human analyst
10:51:59 Alert assigned to analyst: EmilyAI (auto)
10:54:29 Investigation started — querying SIEM and threat intelligence
10:57:26 Containment action taken — endpoint isolated
11:07:29 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00337 1h ago C2 Beacon Activity Low Open SRV-DC-01
ALR-00224 4h ago Port Scan Detected Medium Open SRV-DC-01
ALR-00412 7h ago Phishing Email Blocked Medium Investigating FW-EDGE-01
ALR-00129 13h ago Phishing Email Blocked Informational Resolved FW-EDGE-01
ALR-00356 15h ago DecoyPulse Honeypot Triggered High Escalated SRV-DC-01