Suspicious activity on SRV-DC-01 — need urgent review
TKT-0001
Urgent
Open
Incident Response
- Created By
- r.davies
- Created
- 2026-06-26 08:05
- Last Updated
- 2026-06-29 07:12
- Assigned Analyst
- Marcus Webb
- Category
- Incident Response
- Messages
- 7
Conversation
r.davies
Customer
2026-06-26 08:05
We've noticed some concerning activity and would like the SOC team to investigate urgently.
Subject: Suspicious activity on SRV-DC-01 — need urgent review
Please provide an initial assessment as soon as possible. Our IT team is standing by to assist with any containment actions needed.
Subject: Suspicious activity on SRV-DC-01 — need urgent review
Please provide an initial assessment as soon as possible. Our IT team is standing by to assist with any containment actions needed.
Marcus Webb
SOC Analyst
2026-06-26 09:39
We've applied the policy change you requested. It will take effect within 15 minutes across all monitored endpoints. Please let us know if you see any issues.
r.davies
Customer
2026-06-26 13:21
Thanks for the quick response. Can you send me the full timeline when it's ready?
Marcus Webb
SOC Analyst
2026-06-26 16:06
Good news — our analysis confirms this is a true positive. We've implemented the containment measures and will send a full incident summary within 24 hours.
r.davies
Customer
2026-06-26 17:25
Understood. Is there anything we need to do on our end in the meantime?
Marcus Webb
SOC Analyst
2026-06-26 21:08
We've applied the policy change you requested. It will take effect within 15 minutes across all monitored endpoints. Please let us know if you see any issues.
r.davies
Customer
2026-06-26 21:44
Thanks. Could you also check if any other accounts were affected?