Data Exfiltration Attempt
Informational
Investigating
ALR-00001 · 2026-07-08T04:31:40Z
Description
Large data transfer (2.3GB) to cloud storage from WS-LAP-012 by user 'h.roberts'. Firewall DLP policy triggered — sensitive documents detected.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
04:31:40
Event ingested by SOC365 Engine
04:31:44
EmilyAI triage started — correlation enrichment
04:31:49
EmilyAI confidence: 80% — escalated to human analyst
04:32:17
Alert assigned to analyst: EmilyAI (auto)
04:33:51
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00205 | 1h ago | Data Exfiltration Attempt | Low | Open | WS-PC-003 |
| ALR-00170 | 2h ago | Data Exfiltration Attempt | Medium | Open | WS-LAP-011 |
| ALR-00469 | 2h ago | Ransomware Behaviour Detected | Informational | Open | WS-LAP-012 |
| ALR-00436 | 6h ago | DLP Policy Violation | Informational | False Positive | WS-LAP-012 |
| ALR-00418 | 16h ago | DecoyPulse Honeypot Triggered | Low | False Positive | WS-LAP-012 |