Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:04:10 UTC

Unauthorised USB Device

Medium Resolved
ALR-00411 · 2026-05-26T11:53:09Z

Description

Unauthorised USB mass storage device connected to SRV-SQL-01 by user 'h.roberts'. The device was blocked by the Endpoint Agent's removable-storage policy.

Alert Metadata

Alert ID
ALR-00411
Timestamp
2026-05-26T11:53:09Z
Severity
Medium
Status
Resolved
Detection Source
Endpoint Agent
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SRV-SQL-01
User Account
h.roberts
Source IP
103.198.216.79
Destination IP
10.2.14.158
Origin Country
NG Nigeria

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1091 (Replication Through Removable Media)
Reference
attack.mitre.org/techniques/T1091

Investigation Timeline

11:53:09 Event ingested by SOC365 Engine
11:53:12 EmilyAI triage started — correlation enrichment
11:53:19 EmilyAI confidence: 84% — escalated to human analyst
11:53:41 Alert assigned to analyst: Marcus Webb
11:54:06 Investigation started — querying SIEM and threat intelligence
11:58:59 Containment action taken — endpoint isolated
12:06:17 Alert resolved — remediation complete

Related Alerts

ID · Time · Alert · Severity · Status · Host
ALR-00063 · 4h ago · DLP Policy Violation · Low · Escalated · SRV-SQL-01
ALR-00125 · 6h ago · Unauthorised USB Device · Low · Investigating · VM-DEV-01
ALR-00457 · 7h ago · Unauthorised USB Device · High · Open · VM-DEV-01
ALR-00162 · 13h ago · Unauthorised USB Device · Medium · Escalated · SW-CORE-01
ALR-00468 · 19h ago · Unauthorised USB Device · Informational · False Positive · SRV-SQL-01
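The alert above and the repeated USB alerts on VM-DEV-01 in the related list illustrate the two checks a detection engineer would implement behind a dashboard like this: a per-event policy decision (is this a mass storage device, and is it allowed on this host?) and a per-host correlation that raises severity when one endpoint keeps tripping the rule. The following Python is an added example written for this page, not SOC365 or Endpoint Agent code. The log format, the hostnames in the policy, the device serial allow-list, the hypothetical workstation WS-0042 and user names, and the repeat threshold are all assumptions; the sample log lines are constructed, and the device instance paths follow the Windows USBSTOR\Disk&Ven_...\<serial>&0 layout.

```python
"""Added example (not SOC365 product code): flag unauthorised USB mass storage
connections from endpoint-agent logs and correlate repeat offenders per host."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy (hypothetical values): servers never accept mass storage;
# workstations may only use devices whose USBSTOR serial is on the allow-list.
SERVER_HOSTS = {"SRV-SQL-01", "SW-CORE-01"}
ALLOWED_SERIALS = {"0123456789AB"}          # hypothetical corporate encrypted drive
REPEAT_WINDOW = timedelta(hours=24)         # correlation look-back per host
REPEAT_THRESHOLD = 3                        # alerts in window that escalate to High

# Constructed sample log in a simple key=value|key=value line format (assumed,
# not the real Endpoint Agent format). Hosts mirror the dashboard's related alerts.
SAMPLE_LOG = [
    r"ts=2026-05-25T16:50:00Z|host=VM-DEV-01|user=j.chen|action=device_connected|device=USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.00\4C530001&0",
    r"ts=2026-05-26T04:40:00Z|host=VM-DEV-01|user=j.chen|action=device_connected|device=USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.00\4C530001&0",
    r"ts=2026-05-26T05:50:00Z|host=VM-DEV-01|user=j.chen|action=device_connected|device=USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler&Rev_PMAP\1A2B3C&0",
    r"ts=2026-05-26T11:53:09Z|host=SRV-SQL-01|user=h.roberts|action=device_connected|device=USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\9F8E7D&0",
    r"ts=2026-05-26T12:10:00Z|host=WS-0042|user=a.patel|action=device_connected|device=USBSTOR\Disk&Ven_Corp&Prod_Secure&Rev_1.0\0123456789AB&0",
    r"ts=2026-05-26T12:11:00Z|host=WS-0042|user=a.patel|action=device_connected|device=USB\VID_046D&PID_C52B\ABC123",
    r"ts=2026-05-26T12:30:00Z|host=SRV-SQL-01|user=h.roberts|action=device_removed|device=USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\9F8E7D&0",
]


def parse_event(line: str) -> dict:
    """Parse one key=value|... line; the timestamp becomes an aware UTC datetime."""
    event = dict(kv.split("=", 1) for kv in line.split("|"))
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event


def is_mass_storage(device_id: str) -> bool:
    """Windows enumerates USB mass storage under the USBSTOR\\Disk instance path;
    HID devices (mice, keyboards) appear under USB\\VID_... and are ignored."""
    return device_id.upper().startswith("USBSTOR\\DISK")


def serial_of(device_id: str) -> str:
    """Extract the device serial from USBSTOR\\Disk&Ven_X&Prod_Y&Rev_Z\\<serial>&0."""
    return device_id.rsplit("\\", 1)[-1].split("&")[0]


def evaluate(event: dict) -> Optional[dict]:
    """Apply the removable-storage policy to one event; return an alert or None."""
    if event["action"] != "device_connected" or not is_mass_storage(event["device"]):
        return None
    host, serial = event["host"], serial_of(event["device"])
    if host in SERVER_HOSTS:
        severity, reason = "Medium", "mass storage connected to a server"
    elif serial not in ALLOWED_SERIALS:
        severity, reason = "Low", "device serial not on allow-list"
    else:
        return None  # approved device on a workstation: no alert
    return {"ts": event["ts"], "host": host, "user": event["user"], "serial": serial,
            "severity": severity, "reason": reason,
            "tactic": "Initial Access", "technique": "T1091"}


def correlate(alerts: list) -> list:
    """Escalate to High when one host accumulates REPEAT_THRESHOLD alerts inside
    REPEAT_WINDOW (the pattern visible for VM-DEV-01 in the related alerts)."""
    ordered = sorted(alerts, key=lambda a: a["ts"])
    recent = defaultdict(list)  # host -> timestamps still inside the window
    for alert in ordered:
        window = [t for t in recent[alert["host"]] if alert["ts"] - t <= REPEAT_WINDOW]
        window.append(alert["ts"])
        recent[alert["host"]] = window
        if len(window) >= REPEAT_THRESHOLD:
            alert["severity"] = "High"
            alert["reason"] += f"; {len(window)} USB alerts on host within 24h"
    return ordered


def run(lines: list) -> list:
    """Full pipeline: parse, evaluate policy, correlate repeats."""
    alerts = [a for a in (evaluate(parse_event(line)) for line in lines) if a]
    return correlate(alerts)


if __name__ == "__main__":
    for a in run(SAMPLE_LOG):
        print(a["ts"].isoformat(), a["host"], a["user"], a["severity"], a["technique"], a["reason"])
```

Running it over the constructed log yields four alerts: the third VM-DEV-01 connection is escalated to High by correlation, the SRV-SQL-01 event is Medium under the server rule (matching the dashboard's severity), the allow-listed drive on WS-0042 and the USB mouse produce nothing, and the device_removed event is ignored. The policy decision is deliberately separate from correlation so that the allow-list can change without touching the escalation logic.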