Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 22:45:52 UTC

Certificate Anomaly

High Open
ALR-00496 · 2026-07-09T13:38:45Z

Description

TLS certificate anomaly detected on WS-PC-001. Self-signed certificate on port 443 does not match expected corporate CA chain.

Alert Metadata

Alert ID
ALR-00496
Timestamp
2026-07-09T13:38:45Z
Severity
High
Status
Open
Detection Source
Endpoint Agent
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
WS-PC-001
User Account
s.jones
Source IP
194.252.62.155
Destination IP
10.0.22.36
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Defence Evasion
Technique
T1553.004
Reference
attack.mitre.org/techniques/T1553.004

Investigation Timeline

13:38:45 Event ingested by SOC365 Engine
13:38:46 EmilyAI triage started — correlation enrichment
13:38:50 EmilyAI confidence: 89% — escalated to human analyst
13:39:04 Alert assigned to analyst: James Okonkwo
13:40:34 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00172 1h ago Certificate Anomaly Medium Investigating WS-LAP-011
ALR-00052 3h ago Privilege Escalation Attempt Medium Escalated WS-PC-001
ALR-00464 10h ago Certificate Anomaly Medium False Positive WS-PC-004
ALR-00082 10h ago Brute Force SSH High Open WS-PC-001
ALR-00348 11h ago Certificate Anomaly Informational False Positive WS-PC-006