Unauthorised USB Device
Medium
Escalated
ALR-00421 · 2026-07-09T18:37:31Z
Description
Unauthorised USB mass storage device connected to WS-PC-003 by user 'n.clark'. Device blocked by SOC365 Engine endpoint policy.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
18:37:31
Event ingested by SOC365 Engine
18:37:34
EmilyAI triage started — correlation enrichment
18:37:36
EmilyAI confidence: 82% — escalated to human analyst
18:37:56
Alert assigned to analyst: Marcus Webb
18:39:11
Investigation started — querying SIEM and threat intelligence
18:42:08
Containment action taken — endpoint isolated
18:52:53
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00269 | 45m ago | Unauthorised USB Device | High | Investigating | FW-EDGE-01 |
| ALR-00441 | 3h ago | Suspicious PowerShell Execution | Informational | Open | WS-PC-003 |
| ALR-00108 | 4h ago | Data Exfiltration Attempt | Medium | Open | WS-PC-003 |
| ALR-00451 | 5h ago | Suspicious PowerShell Execution | Medium | Open | WS-PC-003 |
| ALR-00059 | 7h ago | Unauthorised USB Device | High | Investigating | SRV-FILE-01 |