Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:05:33 UTC

Unauthorised USB Device

Medium Escalated
ALR-00492 · 2026-05-23T02:51:52Z

Description

Unauthorised USB mass storage device connected to VM-DEV-01 by user 'k.brown'. Device blocked by Email Gateway endpoint policy.

Alert Metadata

Alert ID: ALR-00492
Timestamp: 2026-05-23T02:51:52Z
Severity: Medium
Status: Escalated
Detection Source: Email Gateway
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: VM-DEV-01
User Account: k.brown
Source IP: 185.223.220.153
Destination IP: 10.1.182.40
Origin Country: FR France

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

02:51:52 Event ingested by SOC365 Engine
02:51:54 EmilyAI triage started — correlation enrichment
02:52:00 EmilyAI confidence: 96% — escalated to human analyst
02:52:19 Alert assigned to analyst: Marcus Webb
02:53:59 Investigation started — querying SIEM and threat intelligence
02:56:02 Containment action taken — endpoint isolated
03:02:33 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00209 6h ago Unauthorised USB Device Medium Escalated SRV-WEB-01
ALR-00058 8h ago Unauthorised USB Device Medium Escalated SRV-WEB-01
ALR-00262 12h ago Unauthorised USB Device Medium Escalated WS-LAP-012
ALR-00363 14h ago Unauthorised USB Device Medium Open SRV-DC-01
ALR-00405 16h ago Unauthorised USB Device Medium Resolved SRV-WEB-01