Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:38:40 UTC

Suspicious activity on SRV-DC-01 — need urgent review

TKT-0001 Urgent Open Incident Response
Created By
r.davies
Created
2026-06-26 08:05
Last Updated
2026-06-29 07:12
Assigned Analyst
Marcus Webb
Category
Incident Response
Messages
7

Conversation

r.davies Customer
2026-06-26 08:05
We've noticed some concerning activity and would like the SOC team to investigate urgently.

Subject: Suspicious activity on SRV-DC-01 — need urgent review

Please provide an initial assessment as soon as possible. Our IT team is standing by to assist with any containment actions needed.
Marcus Webb SOC Analyst
2026-06-26 09:39
We've applied the policy change you requested. It will take effect within 15 minutes across all monitored endpoints. Please let us know if you see any issues.
r.davies Customer
2026-06-26 13:21
Thanks for the quick response. Can you send me the full timeline when it's ready?
Marcus Webb SOC Analyst
2026-06-26 16:06
Good news — our analysis confirms this is a true positive. We've implemented the containment measures and will send a full incident summary within 24 hours.
r.davies Customer
2026-06-26 17:25
Understood. Is there anything we need to do on our end in the meantime?
Marcus Webb SOC Analyst
2026-06-26 21:08
We've applied the policy change you requested. It will take effect within 15 minutes across all monitored endpoints. Please let us know if you see any issues.
r.davies Customer
2026-06-26 21:44
Thanks. Could you also check if any other accounts were affected?

Reply