Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:01:31 UTC

Insider Threat Indicator

Severity: High · Status: Investigating
ALR-00486 · 2026-05-23T22:43:22Z

Description

Anomalous after-hours access by 'f.hall' on WS-PC-004. Accessed 847 files across 12 shares in 45 minutes. Pattern flagged by Dark Web Monitor.

Alert Metadata

Alert ID: ALR-00486
Timestamp: 2026-05-23T22:43:22Z
Severity: High
Status: Investigating
Detection Source: Dark Web Monitor
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: WS-PC-004
User Account: f.hall
Source IP: 185.97.220.176
Destination IP: 10.0.184.232
Origin Country: United Kingdom (GB)

MITRE ATT&CK Mapping

Tactic: Collection
Technique: T1119
Reference: attack.mitre.org/techniques/T1119

Investigation Timeline

22:43:22 Event ingested by SOC365 Engine
22:43:27 EmilyAI triage started — correlation enrichment
22:43:27 EmilyAI confidence: 82% — escalated to human analyst
22:43:54 Alert assigned to analyst: Marcus Webb
22:45:39 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00478 | 1h ago | Insider Threat Indicator | Low | Escalated | SRV-WEB-01
ALR-00389 | 12h ago | Insider Threat Indicator | Medium | Open | SW-CORE-01
ALR-00272 | 17h ago | Insider Threat Indicator | Informational | Resolved | WS-PC-001
ALR-00100 | 18h ago | C2 Beacon Activity | Informational | Open | WS-PC-004
ALR-00291 | 23h ago | Pass-the-Hash Detected | Medium | Escalated | WS-PC-004