Port Scan Detected
Low
Escalated
ALR-00430 · 2026-07-11T00:02:53Z
Description
Sequential port scan (1-1024) detected targeting SRV-SQL-01 from external IP. Attack Surface Scanner identified SYN scan pattern.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:02:53
Event ingested by SOC365 Engine
00:02:56
EmilyAI triage started — correlation enrichment
00:03:03
EmilyAI confidence: 90% — escalated to human analyst
00:03:18
Alert assigned to analyst: EmilyAI (auto)
00:04:43
Investigation started — querying SIEM and threat intelligence
00:07:51
Containment action taken — endpoint isolated
00:20:23
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00384 | 4h ago | Port Scan Detected | Informational | Resolved | SRV-FILE-01 |
| ALR-00475 | 5h ago | Certificate Anomaly | Informational | Escalated | SRV-SQL-01 |
| ALR-00453 | 6h ago | Port Scan Detected | Medium | Investigating | WS-PC-001 |
| ALR-00319 | 9h ago | Port Scan Detected | Low | Investigating | FW-EDGE-01 |
| ALR-00462 | 10h ago | DLP Policy Violation | Low | Escalated | SRV-SQL-01 |