Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 12:14:44 UTC

Data Exfiltration Attempt

Informational Resolved
ALR-00010 · 2026-04-12T01:28:37Z

Description

Large data transfer (2.3GB) to cloud storage from SW-CORE-01 by user 'r.davies'. Attack Surface Scanner DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00010
Timestamp: 2026-04-12T01:28:37Z
Severity: Informational
Status: Resolved
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SW-CORE-01
User Account: r.davies
Source IP: 185.82.220.1
Destination IP: 10.1.136.204
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

01:28:37 Event ingested by SOC365 Engine
01:28:42 EmilyAI triage started — correlation enrichment
01:28:46 EmilyAI confidence: 97% — escalated to human analyst
01:29:21 Alert assigned to analyst: EmilyAI (auto)
01:30:13 Investigation started — querying SIEM and threat intelligence
01:38:05 Containment action taken — endpoint isolated
01:38:50 Alert resolved — remediation complete

Related Alerts

ID        | Time    | Alert                           | Severity | Status         | Host
ALR-00333 | 54m ago | Malware Signature Match         | Medium   | Open           | SW-CORE-01
ALR-00126 | 3h ago  | Data Exfiltration Attempt       | Medium   | Investigating  | AP-WIFI-03
ALR-00260 | 5h ago  | Failed MFA Challenge            | High     | Escalated      | SW-CORE-01
ALR-00236 | 13h ago | Suspicious Scheduled Task       | Medium   | False Positive | SW-CORE-01
ALR-00457 | 17h ago | Suspicious PowerShell Execution | Low      | Resolved       | SW-CORE-01