Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:39:26 UTC

DLP Policy Violation

Low Escalated
ALR-00028 · 2026-07-07T17:58:35Z

Description

DLP policy violation: user 'l.johnson' attempted to email 3 files classified as 'Confidential' to external address from SRV-DC-01.

Alert Metadata

Alert ID
ALR-00028
Timestamp
2026-07-07T17:58:35Z
Severity
Low
Status
Escalated
Detection Source
Firewall
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-DC-01
User Account
l.johnson
Source IP
194.160.62.155
Destination IP
10.1.193.163
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1048
Reference
attack.mitre.org/techniques/T1048

Investigation Timeline

17:58:35 Event ingested by SOC365 Engine
17:58:39 EmilyAI triage started — correlation enrichment
17:58:47 EmilyAI confidence: 95% — escalated to human analyst
17:59:19 Alert assigned to analyst: EmilyAI (auto)
18:00:15 Investigation started — querying SIEM and threat intelligence
18:07:17 Containment action taken — endpoint isolated
18:16:41 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00084 4h ago Malware Signature Match Low False Positive SRV-DC-01
ALR-00267 8h ago Phishing Email Blocked Medium Open SRV-DC-01
ALR-00420 9h ago Malware Signature Match Medium False Positive SRV-DC-01
ALR-00235 15h ago Lateral Movement Detected Medium Open SRV-DC-01
ALR-00040 16h ago DLP Policy Violation Low False Positive WS-PC-004