Port Scan Detected
Low
Resolved
ALR-00467 · 2026-07-06T20:39:21Z
Description
Sequential port scan (1-1024) detected targeting FW-EDGE-01 from external IP. DLP Module identified SYN scan pattern.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
20:39:21
Event ingested by SOC365 Engine
20:39:26
EmilyAI triage started — correlation enrichment
20:39:36
EmilyAI confidence: 78% — escalated to human analyst
20:40:06
Alert assigned to analyst: EmilyAI (auto)
20:41:26
Investigation started — querying SIEM and threat intelligence
20:48:21
Containment action taken — endpoint isolated
20:58:06
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00195 | 35m ago | Port Scan Detected | Medium | Investigating | WS-LAP-011 |
| ALR-00497 | 2h ago | Unusual Outbound Traffic | Low | Escalated | FW-EDGE-01 |
| ALR-00091 | 5h ago | Port Scan Detected | Medium | Escalated | WS-LAP-010 |
| ALR-00327 | 9h ago | Port Scan Detected | Medium | Open | WS-LAP-011 |
| ALR-00239 | 14h ago | Port Scan Detected | Low | Resolved | SW-CORE-01 |