Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:46:06 UTC

Insider Threat Indicator

Informational False Positive
ALR-00465 · 2026-07-07T06:30:37Z

Description

Anomalous after-hours access by 'f.hall' on FW-EDGE-01. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Firewall.

Alert Metadata

Alert ID
ALR-00465
Timestamp
2026-07-07T06:30:37Z
Severity
Informational
Status
False Positive
Detection Source
Firewall
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
FW-EDGE-01
User Account
f.hall
Source IP
194.61.62.122
Destination IP
10.1.218.205
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Collection
Technique
T1119
Reference
attack.mitre.org/techniques/T1119

Investigation Timeline

06:30:37 Event ingested by SOC365 Engine
06:30:42 EmilyAI triage started — correlation enrichment
06:30:44 EmilyAI confidence: 96% — escalated to human analyst
06:30:59 Alert assigned to analyst: EmilyAI (auto)
06:32:07 Investigation started — querying SIEM and threat intelligence
06:35:51 Containment action taken — endpoint isolated
06:47:57 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00243 7h ago Insider Threat Indicator High Escalated SRV-MAIL-01
ALR-00304 8h ago Insider Threat Indicator Medium Escalated WS-MAC-005
ALR-00486 17h ago Insider Threat Indicator Low Escalated SRV-MAIL-01
ALR-00284 23h ago Credential Stuffing Attempt Informational Investigating FW-EDGE-01
ALR-00066 1d ago Insider Threat Indicator Informational Resolved WS-PC-003