Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:55:03 UTC

DLP Policy Violation

Low Resolved
ALR-00039 · 2026-04-11T16:47:06Z

Description

DLP policy violation: user 'r.davies' attempted to email 3 files classified as 'Confidential' to external address from VM-DEV-01.

Alert Metadata

Alert ID: ALR-00039
Timestamp: 2026-04-11T16:47:06Z
Severity: Low
Status: Resolved
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: VM-DEV-01
User Account: r.davies
Source IP: 194.154.62.199
Destination IP: 10.0.58.68
Origin Country: North Korea (KP)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1048
Reference: attack.mitre.org/techniques/T1048

Investigation Timeline

16:47:06 Event ingested by SOC365 Engine
16:47:08 EmilyAI triage started — correlation enrichment
16:47:13 EmilyAI confidence: 86% — escalated to human analyst
16:47:35 Alert assigned to analyst: EmilyAI (auto)
16:47:55 Investigation started — querying SIEM and threat intelligence
16:51:28 Containment action taken — endpoint isolated
17:03:05 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                            Severity       Status          Host
ALR-00182  5h ago   DLP Policy Violation             Medium         Escalated       SRV-APP-01
ALR-00132  5h ago   DLP Policy Violation             Low            False Positive  SRV-WEB-01
ALR-00386  13h ago  Ransomware Behaviour Detected    Low            False Positive  VM-DEV-01
ALR-00029  13h ago  Shadow IT Discovery              Informational  Resolved        VM-DEV-01
ALR-00448  17h ago  Suspicious PowerShell Execution  Medium         Open            VM-DEV-01