Unusual Outbound Traffic
Low
False Positive
ALR-00040 · 2026-07-09T18:09:30Z
Description
Unusual outbound traffic pattern from SRV-BACKUP-01 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by SOC365 Engine.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
18:09:30
Event ingested by SOC365 Engine
18:09:32
EmilyAI triage started — correlation enrichment
18:09:45
EmilyAI confidence: 86% — escalated to human analyst
18:10:08
Alert assigned to analyst: EmilyAI (auto)
18:10:38
Investigation started — querying SIEM and threat intelligence
18:18:44
Containment action taken — endpoint isolated
18:28:53
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00492 | 1h ago | Privilege Escalation Attempt | Medium | Investigating | SRV-BACKUP-01 |
| ALR-00185 | 1h ago | C2 Beacon Activity | Informational | Escalated | SRV-BACKUP-01 |
| ALR-00253 | 4h ago | Unusual Outbound Traffic | Informational | Investigating | WS-PC-004 |
| ALR-00050 | 10h ago | Ransomware Behaviour Detected | Low | Open | SRV-BACKUP-01 |
| ALR-00171 | 10h ago | Unusual Outbound Traffic | Informational | False Positive | WS-PC-004 |