Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:23:12 UTC

Port Scan Detected

Low Open
ALR-00419 · 2026-04-05T15:39:59Z

Description

Sequential port scan (1-1024) detected targeting FW-EDGE-01 from external IP. DLP Module identified SYN scan pattern.

Alert Metadata

Alert ID: ALR-00419
Timestamp: 2026-04-05T15:39:59Z
Severity: Low
Status: Open
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: FW-EDGE-01
User Account: d.walker
Source IP: 91.153.195.205
Destination IP: 10.0.52.185
Origin Country: Ukraine (UA)

MITRE ATT&CK Mapping

Tactic: Reconnaissance
Technique: T1046
Reference: attack.mitre.org/techniques/T1046

Investigation Timeline

15:39:59 Event ingested by SOC365 Engine
15:40:03 EmilyAI triage started — correlation enrichment
15:40:13 EmilyAI confidence: 90% — escalated to human analyst
15:40:41 Alert assigned to analyst: EmilyAI (auto)
15:42:54 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00294 | 3h ago | DecoyPulse Honeypot Triggered | High | Open | FW-EDGE-01
ALR-00409 | 7h ago | Rogue DHCP Server | High | Investigating | FW-EDGE-01
ALR-00275 | 9h ago | Port Scan Detected | Medium | Resolved | WS-PC-002
ALR-00177 | 12h ago | Rogue DHCP Server | Low | Escalated | FW-EDGE-01
ALR-00059 | 14h ago | Ransomware Behaviour Detected | Informational | Investigating | FW-EDGE-01