Unauthorised USB Device
Low
Investigating
ALR-00398 · 2026-07-05T08:31:22Z
Description
Unauthorised USB mass storage device connected to SRV-WEB-01 by user 'n.clark'. Device blocked by EmilyAI Triage endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
08:31:22
Event ingested by SOC365 Engine
08:31:25
EmilyAI triage started — correlation enrichment
08:31:35
EmilyAI confidence: 94% — escalated to human analyst
08:31:47
Alert assigned to analyst: EmilyAI (auto)
08:32:11
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00106 | 5h ago | Pass-the-Hash Detected | Informational | Escalated | SRV-WEB-01 |
| ALR-00098 | 5h ago | Unauthorised USB Device | Medium | Resolved | WS-PC-003 |
| ALR-00386 | 13h ago | Ransomware Behaviour Detected | Critical | Escalated | SRV-WEB-01 |
| ALR-00295 | 18h ago | Unauthorised USB Device | High | Open | WS-LAP-012 |
| ALR-00084 | 1d ago | Kerberoasting Attempt | Low | False Positive | SRV-WEB-01 |