Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Port Scan Detected

Low Investigating
ALR-00385 · 2026-04-10T02:54:09Z

Description

Sequential port scan (1-1024) detected targeting SRV-SQL-01 from external IP. DecoyPulse identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00385
Timestamp: 2026-04-10T02:54:09Z
Severity: Low
Status: Investigating
Detection Source: DecoyPulse
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-SQL-01
User Account: c.williams
Source IP: 91.169.195.64
Destination IP: 10.2.244.132
Origin Country: North Korea (KP)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

02:54:09 Event ingested by SOC365 Engine
02:54:11 EmilyAI triage started — correlation enrichment
02:54:18 EmilyAI confidence: 90% — escalated to human analyst
02:54:37 Alert assigned to analyst: EmilyAI (auto)
02:55:20 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time    Alert                        Severity  Status          Host
ALR-00436  1h ago  Lateral Movement Detected    High      Investigating   SRV-SQL-01
ALR-00281  5h ago  Credential Stuffing Attempt  Medium    Resolved        SRV-SQL-01
ALR-00425  8h ago  Port Scan Detected           Low       Resolved        FW-EDGE-01
ALR-00384  8h ago  Insider Threat Indicator     High      Escalated       SRV-SQL-01
ALR-00168  9h ago  Insider Threat Indicator     Low       False Positive  SRV-SQL-01