Port Scan Detected
Informational
Escalated
ALR-00465 · 2026-07-07T19:04:35Z
Description
Sequential port scan (1-1024) detected targeting WS-PC-002 from external IP. SOC365 Engine identified SYN scan pattern.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
19:04:35
Event ingested by SOC365 Engine
19:04:36
EmilyAI triage started — correlation enrichment
19:04:46
EmilyAI confidence: 78% — escalated to human analyst
19:05:06
Alert assigned to analyst: EmilyAI (auto)
19:05:37
Investigation started — querying SIEM and threat intelligence
19:09:02
Containment action taken — endpoint isolated
19:15:08
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00371 | 1h ago | Pass-the-Hash Detected | Informational | Investigating | WS-PC-002 |
| ALR-00055 | 5h ago | Port Scan Detected | High | Open | WS-PC-003 |
| ALR-00074 | 5h ago | Port Scan Detected | Medium | Investigating | SRV-MAIL-01 |
| ALR-00054 | 10h ago | Kerberoasting Attempt | Critical | Escalated | WS-PC-002 |
| ALR-00386 | 13h ago | Unusual Outbound Traffic | Medium | Investigating | WS-PC-002 |