Insider Threat Indicator
Medium
Escalated
ALR-00434 · 2026-07-09T16:16:34Z
Description
Anomalous after-hours access by 'r.davies' on SRV-WEB-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Attack Surface Scanner.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:16:34
Event ingested by SOC365 Engine
16:16:35
EmilyAI triage started — correlation enrichment
16:16:42
EmilyAI confidence: 88% — escalated to human analyst
16:17:08
Alert assigned to analyst: James Okonkwo
16:17:49
Investigation started — querying SIEM and threat intelligence
16:21:47
Containment action taken — endpoint isolated
16:31:13
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00234 | 39m ago | Insider Threat Indicator | Medium | Investigating | SW-CORE-01 |
| ALR-00062 | 6h ago | Suspicious Scheduled Task | Low | Investigating | SRV-WEB-01 |
| ALR-00013 | 11h ago | Data Exfiltration Attempt | Medium | Escalated | SRV-WEB-01 |
| ALR-00404 | 12h ago | Insider Threat Indicator | High | Open | WS-LAP-011 |
| ALR-00094 | 16h ago | Insider Threat Indicator | Low | Escalated | WS-LAP-010 |