Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 16:55:53 UTC

Tor Exit Node Connection

Medium Investigating
ALR-00412 · 2026-04-06T16:08:03Z

Description

Connection from FW-EDGE-01 to known Tor exit node detected by EmilyAI Triage. User 'j.smith' was active at the time.

Alert Metadata

Alert ID: ALR-00412
Timestamp: 2026-04-06T16:08:03Z
Severity: Medium
Status: Investigating
Detection Source: EmilyAI Triage
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: FW-EDGE-01
User Account: j.smith
Source IP: 185.135.220.164
Destination IP: 10.1.64.3
Origin Country: Ukraine (UA)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

16:08:03 Event ingested by SOC365 Engine
16:08:08 EmilyAI triage started — correlation enrichment
16:08:16 EmilyAI confidence: 93% — escalated to human analyst
16:08:25 Alert assigned to analyst: Emma Richardson
16:10:37 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00293 | 7h ago | Tor Exit Node Connection | Informational | Escalated | VM-DEV-01
ALR-00382 | 7h ago | Tor Exit Node Connection | Low | False Positive | AP-WIFI-03
ALR-00040 | 11h ago | Phishing Email Blocked | Low | Resolved | FW-EDGE-01
ALR-00429 | 12h ago | Tor Exit Node Connection | Low | Resolved | AP-WIFI-03
ALR-00309 | 12h ago | Rogue DHCP Server | Low | Escalated | FW-EDGE-01