Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Unauthorised USB Device

Severity: Medium · Status: Investigating
ALR-00454 · 2026-04-09T23:55:20Z

Description

Unauthorised USB mass storage device connected to SRV-SQL-01 by user 'a.wilson'. Device blocked by Dark Web Monitor endpoint policy.

Alert Metadata

Alert ID: ALR-00454
Timestamp: 2026-04-09T23:55:20Z
Severity: Medium
Status: Investigating
Detection Source: Dark Web Monitor
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-SQL-01
User Account: a.wilson
Source IP: 91.215.195.133
Destination IP: 10.1.129.102
Origin Country: France (FR)

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

23:55:20 Event ingested by SOC365 Engine
23:55:24 EmilyAI triage started — correlation enrichment
23:55:26 EmilyAI confidence: 88% — escalated to human analyst
23:55:52 Alert assigned to analyst: Sarah Chen
23:57:09 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                    Severity  Status          Host
ALR-00449  5h ago   Unauthorised USB Device  Medium    False Positive  FW-EDGE-01
ALR-00440  13h ago  Anomalous DNS Query      Critical  Investigating   SRV-SQL-01
ALR-00211  16h ago  Unauthorised USB Device  Low       False Positive  SRV-APP-01
ALR-00147  20h ago  Unauthorised USB Device  High      Open            WS-PC-004
ALR-00277  22h ago  Rogue DHCP Server        Low       Investigating   SRV-SQL-01