Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:05:36 UTC

Tor Exit Node Connection

Medium False Positive
ALR-00493 · 2026-05-27T07:57:43Z

Description

Connection from SRV-DC-01 to known Tor exit node detected by Network IDS. User 'c.williams' was active at the time.

Alert Metadata

Alert ID: ALR-00493
Timestamp: 2026-05-27T07:57:43Z
Severity: Medium
Status: False Positive
Detection Source: Network IDS
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: SRV-DC-01
User Account: c.williams
Source IP: 45.120.148.121
Destination IP: 10.3.241.23
Origin Country: Germany (DE)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1090.003
Reference: attack.mitre.org/techniques/T1090.003

Investigation Timeline

07:57:43 Event ingested by SOC365 Engine
07:57:45 EmilyAI triage started — correlation enrichment
07:57:48 EmilyAI confidence: 98% — escalated to human analyst
07:58:25 Alert assigned to analyst: Emma Richardson
08:00:38 Investigation started — querying SIEM and threat intelligence
08:06:30 Containment action taken — endpoint isolated
08:15:43 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                     Severity       Status          Host
ALR-00078  3h ago   Phishing Email Blocked    Medium         Open            SRV-DC-01
ALR-00441  6h ago   Tor Exit Node Connection  Low            False Positive  SRV-SQL-01
ALR-00278  8h ago   Tor Exit Node Connection  Informational  Open            WS-PC-006
ALR-00343  9h ago   Port Scan Detected        Medium         Resolved        SRV-DC-01
ALR-00327  12h ago  Port Scan Detected        Low            Investigating   SRV-DC-01