Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:47:01 UTC

Tor Exit Node Connection

Severity: High · Status: Escalated
ALR-00447 · 2026-04-09T17:27:22Z

Description

Connection from SRV-WEB-01 to known Tor exit node detected by EmilyAI Triage. User 'p.thomas' was active at the time.

Alert Metadata

Alert ID: ALR-00447
Timestamp: 2026-04-09T17:27:22Z
Severity: High
Status: Escalated
Detection Source: EmilyAI Triage
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SRV-WEB-01
User Account: p.thomas
Source IP: 91.170.195.218
Destination IP: 10.0.64.33
Origin Country: Ukraine (UA)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

17:27:22 Event ingested by SOC365 Engine
17:27:23 EmilyAI triage started — correlation enrichment
17:27:28 EmilyAI confidence: 93% — escalated to human analyst
17:27:57 Alert assigned to analyst: Marcus Webb
17:28:20 Investigation started — querying SIEM and threat intelligence
17:34:22 Containment action taken — endpoint isolated
17:43:48 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity       Status          Host
ALR-00358  2h ago   DecoyPulse Honeypot Triggered  High           Investigating   SRV-WEB-01
ALR-00463  2h ago   Brute Force SSH                Informational  False Positive  SRV-WEB-01
ALR-00494  3h ago   Tor Exit Node Connection       Informational  Investigating   WS-LAP-010
ALR-00402  9h ago   Lateral Movement Detected      Medium         Open            SRV-WEB-01
ALR-00397  17h ago  Tor Exit Node Connection       Informational  Investigating   SRV-APP-01