Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 21:04:29 UTC

Phishing Email Blocked

High Escalated
ALR-00399 · 2026-07-05T07:31:07Z

Description

Phishing email targeting 'l.johnson@company.co.uk' blocked by DLP Module. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID
ALR-00399
Timestamp
2026-07-05T07:31:07Z
Severity
High
Status
Escalated
Detection Source
DLP Module
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
FW-EDGE-01
User Account
l.johnson
Source IP
45.177.148.100
Destination IP
10.3.170.119
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1566.001
Reference
attack.mitre.org/techniques/T1566.001

Investigation Timeline

07:31:07 Event ingested by SOC365 Engine
07:31:09 EmilyAI triage started — correlation enrichment
07:31:20 EmilyAI confidence: 89% — escalated to human analyst
07:31:52 Alert assigned to analyst: Anika Patel
07:33:18 Investigation started — querying SIEM and threat intelligence
07:38:13 Containment action taken — endpoint isolated
07:48:26 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00412 5h ago Unauthorised USB Device Medium Investigating FW-EDGE-01
ALR-00161 6h ago Unusual Outbound Traffic High Open FW-EDGE-01
ALR-00119 10h ago Malware Signature Match High Investigating FW-EDGE-01
ALR-00477 12h ago Unauthorised USB Device Medium Open FW-EDGE-01
ALR-00017 1d ago Kerberoasting Attempt Informational False Positive FW-EDGE-01