Data Exfiltration Attempt
Medium
False Positive
ALR-00042 · 2026-07-10T11:02:07Z
Description
Large data transfer (2.3GB) to cloud storage from WS-PC-001 by user 'l.johnson'. Firewall DLP policy triggered — sensitive documents detected.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:02:07
Event ingested by SOC365 Engine
11:02:10
EmilyAI triage started — correlation enrichment
11:02:20
EmilyAI confidence: 80% — escalated to human analyst
11:02:41
Alert assigned to analyst: Marcus Webb
11:05:05
Investigation started — querying SIEM and threat intelligence
11:08:19
Containment action taken — endpoint isolated
11:15:05
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00417 | 11h ago | Ransomware Behaviour Detected | Medium | Escalated | WS-PC-001 |
| ALR-00387 | 11h ago | Data Exfiltration Attempt | Low | Resolved | WS-LAP-012 |
| ALR-00131 | 14h ago | Insider Threat Indicator | Medium | False Positive | WS-PC-001 |
| ALR-00192 | 15h ago | Data Exfiltration Attempt | Medium | False Positive | WS-PC-003 |
| ALR-00036 | 20h ago | Suspicious PowerShell Execution | Critical | Open | WS-PC-001 |