Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:27:00 UTC

Port Scan Detected

Severity: Medium · Status: False Positive
ALR-00398 · 2026-04-08T23:32:02Z

Description

Sequential port scan (1-1024) detected targeting WS-PC-004 from external IP. Firewall identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00398
Timestamp: 2026-04-08T23:32:02Z
Severity: Medium
Status: False Positive
Detection Source: Firewall
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: WS-PC-004
User Account: h.roberts
Source IP: 45.211.148.53
Destination IP: 10.2.14.254
Origin Country: Romania (RO)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

23:32:02 Event ingested by SOC365 Engine
23:32:05 EmilyAI triage started — correlation enrichment
23:32:11 EmilyAI confidence: 93% — escalated to human analyst
23:32:38 Alert assigned to analyst: Emma Richardson
23:35:01 Investigation started — querying SIEM and threat intelligence
23:40:13 Containment action taken — endpoint isolated
23:50:23 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00193 | 9h ago | C2 Beacon Activity | Medium | Investigating | WS-PC-004
ALR-00420 | 10h ago | Certificate Anomaly | High | Open | WS-PC-004
ALR-00298 | 14h ago | Tor Exit Node Connection | Informational | Open | WS-PC-004
ALR-00334 | 14h ago | Port Scan Detected | Low | Investigating | SRV-SQL-01
ALR-00426 | 20h ago | Port Scan Detected | Low | False Positive | WS-LAP-011