Insider Threat Indicator
Medium
Resolved
ALR-00458 · 2026-07-07T15:13:20Z
Description
Anomalous after-hours access by 'c.williams' on WS-MAC-005. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Endpoint Agent.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
15:13:20
Event ingested by SOC365 Engine
15:13:23
EmilyAI triage started — correlation enrichment
15:13:32
EmilyAI confidence: 96% — escalated to human analyst
15:13:40
Alert assigned to analyst: Emma Richardson
15:14:37
Investigation started — querying SIEM and threat intelligence
15:20:27
Containment action taken — endpoint isolated
15:33:19
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00112 | 3h ago | Lateral Movement Detected | Informational | Resolved | WS-MAC-005 |
| ALR-00272 | 9h ago | Suspicious Scheduled Task | High | Open | WS-MAC-005 |
| ALR-00010 | 9h ago | Insider Threat Indicator | Informational | Open | WS-LAP-010 |
| ALR-00180 | 11h ago | Pass-the-Hash Detected | High | Escalated | WS-MAC-005 |
| ALR-00129 | 17h ago | Insider Threat Indicator | Low | False Positive | VM-DEV-01 |