Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Tor Exit Node Connection

Medium False Positive
ALR-00441 · 2026-04-12T10:26:57Z

Description

Connection from SRV-APP-01 to known Tor exit node detected by Endpoint Agent. User 'c.williams' was active at the time.

Alert Metadata

Alert ID: ALR-00441
Timestamp: 2026-04-12T10:26:57Z
Severity: Medium
Status: False Positive
Detection Source: Endpoint Agent
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-APP-01
User Account: c.williams
Source IP: 45.59.148.76
Destination IP: 10.0.163.150
Origin Country: IR Iran

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

10:26:57 Event ingested by SOC365 Engine
10:26:58 EmilyAI triage started — correlation enrichment
10:27:12 EmilyAI confidence: 98% — escalated to human analyst
10:27:40 Alert assigned to analyst: Sarah Chen
10:27:43 Investigation started — querying SIEM and threat intelligence
10:36:09 Containment action taken — endpoint isolated
10:46:40 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00168 | 1h ago | Tor Exit Node Connection | Informational | Escalated | WS-LAP-010
ALR-00424 | 11h ago | Brute Force SSH | High | Open | SRV-APP-01
ALR-00311 | 16h ago | Insider Threat Indicator | Informational | Escalated | SRV-APP-01
ALR-00121 | 17h ago | Tor Exit Node Connection | Informational | Resolved | WS-PC-006
ALR-00405 | 17h ago | Unusual Outbound Traffic | High | Investigating | SRV-APP-01