Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:54:00 UTC

Phishing Email Blocked

Medium Open
ALR-00431 · 2026-07-06T13:20:29Z

Description

Phishing email targeting 'k.brown@company.co.uk' blocked by Attack Surface Scanner. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID
ALR-00431
Timestamp
2026-07-06T13:20:29Z
Severity
Medium
Status
Open
Detection Source
Attack Surface Scanner
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SW-CORE-01
User Account
k.brown
Source IP
45.86.148.191
Destination IP
10.3.150.89
Origin Country
DE Germany

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1566.001
Reference
attack.mitre.org/techniques/T1566.001

Investigation Timeline

13:20:29 Event ingested by SOC365 Engine
13:20:32 EmilyAI triage started — correlation enrichment
13:20:40 EmilyAI confidence: 92% — escalated to human analyst
13:20:47 Alert assigned to analyst: Marcus Webb
13:22:45 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00145 5h ago Phishing Email Blocked Medium False Positive WS-LAP-011
ALR-00021 6h ago Phishing Email Blocked Low False Positive WS-LAP-010
ALR-00086 9h ago Suspicious Scheduled Task Medium Investigating SW-CORE-01
ALR-00204 9h ago Lateral Movement Detected Low Resolved SW-CORE-01
ALR-00468 12h ago Phishing Email Blocked Medium Open SRV-FILE-01