Data Exfiltration Attempt
Severity: Medium
Status: False Positive
ALR-00031 · 2026-05-26T11:31:15Z
Description
Large data transfer (2.3GB) to cloud storage from SRV-MAIL-01 by user 'e.evans'. DLP policy triggered — sensitive documents detected.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
- 11:31:15 Event ingested by SOC365 Engine
- 11:31:19 EmilyAI triage started — correlation enrichment
- 11:31:30 EmilyAI confidence: 89% — escalated to human analyst
- 11:31:59 Alert assigned to analyst: Anika Patel
- 11:32:17 Investigation started — querying SIEM and threat intelligence
- 11:40:01 Containment action taken — endpoint isolated
- 11:49:35 Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00458 | 1h ago | C2 Beacon Activity | Informational | Resolved | SRV-MAIL-01 |
| ALR-00368 | 5h ago | Lateral Movement Detected | Medium | Open | SRV-MAIL-01 |
| ALR-00011 | 7h ago | Data Exfiltration Attempt | High | Escalated | SRV-WEB-01 |
| ALR-00094 | 9h ago | Data Exfiltration Attempt | Informational | Resolved | WS-PC-006 |
| ALR-00406 | 10h ago | Data Exfiltration Attempt | Informational | False Positive | SRV-WEB-01 |