Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:42:52 UTC

Unauthorised USB Device

Informational Open
ALR-00433 · 2026-07-08T00:52:05Z

Description

Unauthorised USB mass storage device connected to WS-LAP-012 by user 'd.walker'. Device blocked by Attack Surface Scanner endpoint policy.

Alert Metadata

Alert ID
ALR-00433
Timestamp
2026-07-08T00:52:05Z
Severity
Informational
Status
Open
Detection Source
Attack Surface Scanner
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-012
User Account
d.walker
Source IP
91.58.195.15
Destination IP
10.3.223.123
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Initial Access
Technique
T1091
Reference
attack.mitre.org/techniques/T1091

Investigation Timeline

00:52:05 Event ingested by SOC365 Engine
00:52:10 EmilyAI triage started — correlation enrichment
00:52:20 EmilyAI confidence: 97% — escalated to human analyst
00:52:38 Alert assigned to analyst: EmilyAI (auto)
00:54:18 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00364 1h ago Unauthorised USB Device Informational Open WS-PC-004
ALR-00457 15h ago Malware Signature Match Medium Open WS-LAP-012
ALR-00322 17h ago Unauthorised USB Device Low False Positive WS-PC-001
ALR-00259 21h ago Unauthorised USB Device High Open SRV-WEB-01
ALR-00291 1d ago Unauthorised USB Device Medium False Positive WS-MAC-005