Port Scan Detected
Low
Resolved
ALR-00493 · 2026-07-08T11:36:31Z
Description
Sequential port scan (1-1024) detected targeting SW-CORE-01 from external IP. DecoyPulse identified SYN scan pattern.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:36:31
Event ingested by SOC365 Engine
11:36:36
EmilyAI triage started — correlation enrichment
11:36:40
EmilyAI confidence: 91% — escalated to human analyst
11:37:02
Alert assigned to analyst: EmilyAI (auto)
11:37:18
Investigation started — querying SIEM and threat intelligence
11:40:44
Containment action taken — endpoint isolated
11:47:52
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00047 | 5h ago | Port Scan Detected | Informational | Open | SRV-APP-01 |
| ALR-00383 | 6h ago | Unauthorised USB Device | Low | False Positive | SW-CORE-01 |
| ALR-00296 | 12h ago | Brute Force SSH | Medium | Resolved | SW-CORE-01 |
| ALR-00320 | 22h ago | Brute Force SSH | Medium | Open | SW-CORE-01 |
| ALR-00072 | 1d ago | Port Scan Detected | High | Investigating | WS-PC-004 |