Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:05:21 UTC

Unauthorised USB Device

Medium Investigating
ALR-00390 · 2026-05-27T17:11:35Z

Description

Unauthorised USB mass storage device connected to SRV-SQL-01 by user 'k.brown'. Device blocked by Firewall endpoint policy.

Alert Metadata

Alert ID: ALR-00390
Timestamp: 2026-05-27T17:11:35Z
Severity: Medium
Status: Investigating
Detection Source: Firewall
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-SQL-01
User Account: k.brown
Source IP: 91.144.195.13
Destination IP: 10.0.247.159
Origin Country: BR Brazil

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

17:11:35 Event ingested by SOC365 Engine
17:11:40 EmilyAI triage started — correlation enrichment
17:11:42 EmilyAI confidence: 96% — escalated to human analyst
17:12:15 Alert assigned to analyst: Anika Patel
17:14:32 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID        | Time   | Alert                     | Severity | Status         | Host
ALR-00441 | 6h ago  | Tor Exit Node Connection  | Low      | False Positive | SRV-SQL-01
ALR-00127 | 12h ago | Anomalous DNS Query       | Medium   | Investigating  | SRV-SQL-01
ALR-00208 | 15h ago | Insider Threat Indicator  | Medium   | Resolved       | SRV-SQL-01
ALR-00435 | 17h ago | Insider Threat Indicator  | Medium   | Resolved       | SRV-SQL-01
ALR-00256 | 1d ago  | Phishing Email Blocked    | High     | Open           | SRV-SQL-01