Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Tor Exit Node Connection

Medium Resolved
ALR-00451 · 2026-05-26T08:18:21Z

Description

Connection from SRV-FILE-01 to known Tor exit node detected by Network IDS. User 'h.roberts' was active at the time.

Alert Metadata

Alert ID: ALR-00451
Timestamp: 2026-05-26T08:18:21Z
Severity: Medium
Status: Resolved
Detection Source: Network IDS
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-FILE-01
User Account: h.roberts
Source IP: 103.129.216.197
Destination IP: 10.3.203.183
Origin Country: Vietnam (VN)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

08:18:21 Event ingested by SOC365 Engine
08:18:26 EmilyAI triage started — correlation enrichment
08:18:27 EmilyAI confidence: 91% — escalated to human analyst
08:18:49 Alert assigned to analyst: Sarah Chen
08:20:22 Investigation started — querying SIEM and threat intelligence
08:22:10 Containment action taken — endpoint isolated
08:37:17 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00453 | 7h ago | Tor Exit Node Connection | Low | Investigating | SRV-MAIL-01
ALR-00222 | 11h ago | Tor Exit Node Connection | Low | Investigating | FW-EDGE-01
ALR-00016 | 14h ago | Kerberoasting Attempt | High | Investigating | SRV-FILE-01
ALR-00473 | 18h ago | Tor Exit Node Connection | Medium | False Positive | WS-PC-002
ALR-00279 | 21h ago | Tor Exit Node Connection | Critical | Escalated | SRV-APP-01