Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:53:13 UTC

Insider Threat Indicator

Medium Escalated
ALR-00434 · 2026-07-09T16:16:34Z

Description

Anomalous after-hours access by 'r.davies' on SRV-WEB-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Attack Surface Scanner.

Alert Metadata

Alert ID
ALR-00434
Timestamp
2026-07-09T16:16:34Z
Severity
Medium
Status
Escalated
Detection Source
Attack Surface Scanner
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
SRV-WEB-01
User Account
r.davies
Source IP
185.118.220.69
Destination IP
10.1.85.222
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Collection
Technique
T1119
Reference
attack.mitre.org/techniques/T1119

Investigation Timeline

16:16:34 Event ingested by SOC365 Engine
16:16:35 EmilyAI triage started — correlation enrichment
16:16:42 EmilyAI confidence: 88% — escalated to human analyst
16:17:08 Alert assigned to analyst: James Okonkwo
16:17:49 Investigation started — querying SIEM and threat intelligence
16:21:47 Containment action taken — endpoint isolated
16:31:13 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00234 39m ago Insider Threat Indicator Medium Investigating SW-CORE-01
ALR-00062 6h ago Suspicious Scheduled Task Low Investigating SRV-WEB-01
ALR-00013 11h ago Data Exfiltration Attempt Medium Escalated SRV-WEB-01
ALR-00404 12h ago Insider Threat Indicator High Open WS-LAP-011
ALR-00094 16h ago Insider Threat Indicator Low Escalated WS-LAP-010