Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Malware Signature Match

Medium · False Positive
ALR-00463 · 2026-05-26T19:15:13Z

Description

Known malware signature (Emotet variant) detected in file on SRV-APP-01. Endpoint Agent quarantined the file. User context: r.davies.

Alert Metadata

Alert ID
ALR-00463
Timestamp
2026-05-26T19:15:13Z
Severity
Medium
Status
False Positive
Detection Source
Endpoint Agent
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SRV-APP-01
User Account
r.davies
Source IP
194.122.62.201
Destination IP
10.0.46.80
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Execution
Technique
T1204.002
Reference
attack.mitre.org/techniques/T1204.002

Investigation Timeline

19:15:13 Event ingested by SOC365 Engine
19:15:18 EmilyAI triage started — correlation enrichment
19:15:18 EmilyAI confidence: 85% — escalated to human analyst
19:15:46 Alert assigned to analyst: Marcus Webb
19:16:29 Investigation started — querying SIEM and threat intelligence
19:24:33 Containment action taken — endpoint isolated
19:30:06 Alert resolved — remediation complete

Related Alerts

ID · Time · Alert · Severity · Status · Host
ALR-00266 · 1m ago · Unusual Outbound Traffic · Informational · Escalated · SRV-APP-01
ALR-00443 · 1h ago · Brute Force SSH · Medium · Open · SRV-APP-01
ALR-00431 · 6h ago · DLP Policy Violation · Low · Investigating · SRV-APP-01
ALR-00468 · 10h ago · Tor Exit Node Connection · Medium · Open · SRV-APP-01
ALR-00180 · 10h ago · Lateral Movement Detected · Informational · Investigating · SRV-APP-01