Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:41:23 UTC

Data Exfiltration Attempt

Low Escalated
ALR-00019 · 2026-07-05T15:59:49Z

Description

Large data transfer (2.3GB) to cloud storage from WS-PC-003 by user 'f.hall'. Dark Web Monitor DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID
ALR-00019
Timestamp
2026-07-05T15:59:49Z
Severity
Low
Status
Escalated
Detection Source
Dark Web Monitor
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-003
User Account
f.hall
Source IP
45.68.148.44
Destination IP
10.2.166.97
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002
Reference
attack.mitre.org/techniques/T1567.002

Investigation Timeline

15:59:49 Event ingested by SOC365 Engine
15:59:53 EmilyAI triage started — correlation enrichment
16:00:01 EmilyAI confidence: 92% — escalated to human analyst
16:00:26 Alert assigned to analyst: EmilyAI (auto)
16:01:01 Investigation started — querying SIEM and threat intelligence
16:06:33 Containment action taken — endpoint isolated
16:11:30 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00198 21h ago Data Exfiltration Attempt Medium Investigating WS-LAP-012
ALR-00345 1d ago Data Exfiltration Attempt Low Investigating SRV-MAIL-01
ALR-00265 1d ago Data Exfiltration Attempt Medium Open WS-LAP-011
ALR-00460 1d ago Lateral Movement Detected High Open WS-PC-003
ALR-00080 1d ago Data Exfiltration Attempt High Escalated SRV-BACKUP-01