Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Data Exfiltration Attempt

High Escalated
ALR-00011 · 2026-05-27T08:25:48Z

Description

Large data transfer (2.3GB) to cloud storage from SRV-WEB-01 by user 'n.clark'. Network IDS DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00011
Timestamp: 2026-05-27T08:25:48Z
Severity: High
Status: Escalated
Detection Source: Network IDS
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-WEB-01
User Account: n.clark
Source IP: 103.48.216.126
Destination IP: 10.0.185.56
Origin Country: DE Germany

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

08:25:48 Event ingested by SOC365 Engine
08:25:53 EmilyAI triage started — correlation enrichment
08:26:03 EmilyAI confidence: 78% — escalated to human analyst
08:26:26 Alert assigned to analyst: Anika Patel
08:26:33 Investigation started — querying SIEM and threat intelligence
08:30:47 Containment action taken — endpoint isolated
08:41:53 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                      Severity       Status          Host
ALR-00094  9h ago   Data Exfiltration Attempt  Informational  Resolved        WS-PC-006
ALR-00406  10h ago  Data Exfiltration Attempt  Informational  False Positive  SRV-WEB-01
ALR-00331  12h ago  Data Exfiltration Attempt  Informational  Resolved        AP-WIFI-03
ALR-00293  14h ago  Data Exfiltration Attempt  Low            Escalated       WS-LAP-012
ALR-00399  18h ago  Data Exfiltration Attempt  Medium         Investigating   SW-CORE-01