Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:26:20 UTC

Tor Exit Node Connection

High Open
ALR-00373 · 2026-04-07T08:00:41Z

Description

Connection from SRV-FILE-01 to known Tor exit node detected by Network IDS. User 'r.davies' was active at the time.

Alert Metadata

Alert ID: ALR-00373
Timestamp: 2026-04-07T08:00:41Z
Severity: High
Status: Open
Detection Source: Network IDS
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-FILE-01
User Account: r.davies
Source IP: 185.153.220.25
Destination IP: 10.2.74.248
Origin Country: Germany (DE)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

08:00:41 Event ingested by SOC365 Engine
08:00:46 EmilyAI triage started — correlation enrichment
08:00:56 EmilyAI confidence: 92% — escalated to human analyst
08:01:17 Alert assigned to analyst: Anika Patel
08:03:01 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                     Severity       Status     Host
ALR-00461  30m ago  Tor Exit Node Connection  Low            Open       WS-PC-006
ALR-00227  1h ago   Tor Exit Node Connection  Critical       Escalated  WS-LAP-011
ALR-00006  5h ago   Kerberoasting Attempt     Informational  Open       SRV-FILE-01
ALR-00201  8h ago   DLP Policy Violation      Critical       Open       SRV-FILE-01
ALR-00209  14h ago  Tor Exit Node Connection  Low            Escalated  FW-EDGE-01