Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:37:09 UTC

Suspicious activity on SRV-DC-01 — need urgent review

TKT-0001 Urgent Open Incident Response
Created By
l.johnson
Created
2026-06-21 13:57
Last Updated
2026-06-23 06:47
Assigned Analyst
Emma Richardson
Category
Incident Response
Messages
9

Conversation

l.johnson Customer
2026-06-21 13:57
We've noticed some concerning activity and would like the SOC team to investigate urgently.

Subject: Suspicious activity on SRV-DC-01 — need urgent review

Please provide an initial assessment as soon as possible. Our IT team is standing by to assist with any containment actions needed.
Emma Richardson SOC Analyst
2026-06-21 14:31
I've updated the DLP policy as requested. The HR shared drive is now excluded from the external transfer monitoring rule, but internal audit logging remains active.
l.johnson Customer
2026-06-21 18:30
We've applied the patch on our end. Can you run a verification scan?
Emma Richardson SOC Analyst
2026-06-21 21:15
Good news — our analysis confirms this is a true positive. We've implemented the containment measures and will send a full incident summary within 24 hours.
l.johnson Customer
2026-06-21 23:42
Thanks. Could you also check if any other accounts were affected?
Emma Richardson SOC Analyst
2026-06-22 02:16
The alert you referenced (ALR-00023) was generated by our DecoyPulse honeypot system. This has zero false positive rate — the activity is genuine and warrants investigation.
l.johnson Customer
2026-06-22 03:53
That's reassuring. Can we schedule a call to discuss the remediation steps?
Emma Richardson SOC Analyst
2026-06-22 06:14
I've checked with our threat intelligence team. The dark web finding is from a third-party breach, not a direct compromise. We recommend enforcing a password reset for the affected account.
l.johnson Customer
2026-06-22 09:46
We've applied the patch on our end. Can you run a verification scan?

Reply