Insider Threat Indicator
Low
False Positive
ALR-00420 · 2026-07-07T13:53:50Z
Description
Anomalous after-hours access by 'h.roberts' on WS-PC-002. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by DLP Module.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:53:50
Event ingested by SOC365 Engine
13:53:54
EmilyAI triage started — correlation enrichment
13:54:03
EmilyAI confidence: 89% — escalated to human analyst
13:54:12
Alert assigned to analyst: EmilyAI (auto)
13:55:01
Investigation started — querying SIEM and threat intelligence
14:00:08
Containment action taken — endpoint isolated
14:05:08
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00349 | 1h ago | Suspicious Scheduled Task | Medium | Open | WS-PC-002 |
| ALR-00112 | 2h ago | C2 Beacon Activity | Low | False Positive | WS-PC-002 |
| ALR-00235 | 9h ago | Port Scan Detected | Low | False Positive | WS-PC-002 |
| ALR-00297 | 10h ago | Data Exfiltration Attempt | Informational | Open | WS-PC-002 |
| ALR-00183 | 10h ago | Insider Threat Indicator | Medium | Resolved | WS-MAC-005 |