Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 23:00:29 UTC

Port Scan Detected

Low Resolved
ALR-00493 · 2026-07-08T11:36:31Z

Description

Sequential port scan (1-1024) detected targeting SW-CORE-01 from external IP. DecoyPulse identified SYN scan pattern.

Alert Metadata

Alert ID
ALR-00493
Timestamp
2026-07-08T11:36:31Z
Severity
Low
Status
Resolved
Detection Source
DecoyPulse
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SW-CORE-01
User Account
h.roberts
Source IP
194.187.62.178
Destination IP
10.3.37.141
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Reconnaissance
Technique
T1046
Reference
attack.mitre.org/techniques/T1046

Investigation Timeline

11:36:31 Event ingested by SOC365 Engine
11:36:36 EmilyAI triage started — correlation enrichment
11:36:40 EmilyAI confidence: 91% — escalated to human analyst
11:37:02 Alert assigned to analyst: EmilyAI (auto)
11:37:18 Investigation started — querying SIEM and threat intelligence
11:40:44 Containment action taken — endpoint isolated
11:47:52 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00047 5h ago Port Scan Detected Informational Open SRV-APP-01
ALR-00383 6h ago Unauthorised USB Device Low False Positive SW-CORE-01
ALR-00296 12h ago Brute Force SSH Medium Resolved SW-CORE-01
ALR-00320 22h ago Brute Force SSH Medium Open SW-CORE-01
ALR-00072 1d ago Port Scan Detected High Investigating WS-PC-004