Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:52:01 UTC

Port Scan Detected

Low Escalated
ALR-00430 · 2026-07-11T00:02:53Z

Description

Sequential port scan (1-1024) detected targeting SRV-SQL-01 from external IP. Attack Surface Scanner identified SYN scan pattern.

Alert Metadata

Alert ID
ALR-00430
Timestamp
2026-07-11T00:02:53Z
Severity
Low
Status
Escalated
Detection Source
Attack Surface Scanner
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-SQL-01
User Account
l.johnson
Source IP
185.75.220.68
Destination IP
10.2.242.107
Origin Country
CN China

MITRE ATT&CK Mapping

Tactic
Reconnaissance
Technique
T1046
Reference
attack.mitre.org/techniques/T1046

Investigation Timeline

00:02:53 Event ingested by SOC365 Engine
00:02:56 EmilyAI triage started — correlation enrichment
00:03:03 EmilyAI confidence: 90% — escalated to human analyst
00:03:18 Alert assigned to analyst: EmilyAI (auto)
00:04:43 Investigation started — querying SIEM and threat intelligence
00:07:51 Containment action taken — endpoint isolated
00:20:23 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00384 4h ago Port Scan Detected Informational Resolved SRV-FILE-01
ALR-00475 5h ago Certificate Anomaly Informational Escalated SRV-SQL-01
ALR-00453 6h ago Port Scan Detected Medium Investigating WS-PC-001
ALR-00319 9h ago Port Scan Detected Low Investigating FW-EDGE-01
ALR-00462 10h ago DLP Policy Violation Low Escalated SRV-SQL-01