Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:51:42 UTC

Tor Exit Node Connection

Critical Investigating
ALR-00447 · 2026-07-08T19:43:49Z

Description

Connection from WS-LAP-010 to known Tor exit node detected by DecoyPulse. User 'm.taylor' was active at the time.

Alert Metadata

Alert ID
ALR-00447
Timestamp
2026-07-08T19:43:49Z
Severity
Critical
Status
Investigating
Detection Source
DecoyPulse
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
WS-LAP-010
User Account
m.taylor
Source IP
103.182.216.40
Destination IP
10.0.178.83
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1090.003
Reference
attack.mitre.org/techniques/T1090.003

Investigation Timeline

19:43:49 Event ingested by SOC365 Engine
19:43:52 EmilyAI triage started — correlation enrichment
19:43:56 EmilyAI confidence: 80% — escalated to human analyst
19:44:14 Alert assigned to analyst: James Okonkwo
19:44:36 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00225 4h ago Tor Exit Node Connection High Open SW-CORE-01
ALR-00433 5h ago Tor Exit Node Connection Informational Investigating WS-PC-001
ALR-00357 13h ago Unauthorised USB Device Medium Investigating WS-LAP-010
ALR-00112 16h ago DLP Policy Violation Medium Resolved WS-LAP-010
ALR-00351 17h ago Tor Exit Node Connection Informational Investigating SRV-SQL-01