Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 14:39:40 UTC

Shadow IT Discovery

Informational Resolved
ALR-00004 · 2026-05-23T12:57:20Z

Description

DLP Module discovered unauthorised SaaS application (file sharing) used by 'l.johnson'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID: ALR-00004
Timestamp: 2026-05-23T12:57:20Z
Severity: Informational
Status: Resolved
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-003
User Account: l.johnson
Source IP: 103.177.216.159
Destination IP: 10.2.88.176
Origin Country: GB United Kingdom

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567
Reference: attack.mitre.org/techniques/T1567

Investigation Timeline

12:57:20 Event ingested by SOC365 Engine
12:57:25 EmilyAI triage started — correlation enrichment
12:57:29 EmilyAI confidence: 91% — escalated to human analyst
12:57:44 Alert assigned to analyst: EmilyAI (auto)
12:58:07 Investigation started — querying SIEM and threat intelligence
13:07:10 Containment action taken — endpoint isolated
13:10:09 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00465 | 2h ago | Unauthorised USB Device | Medium | False Positive | WS-PC-003
ALR-00451 | 4h ago | Shadow IT Discovery | High | Open | WS-MAC-005
ALR-00027 | 9h ago | Pass-the-Hash Detected | Low | Resolved | WS-PC-003
ALR-00323 | 12h ago | Shadow IT Discovery | Low | Escalated | SRV-APP-01
ALR-00140 | 15h ago | Ransomware Behaviour Detected | Low | Escalated | WS-PC-003