Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:38:24 UTC

Data Exfiltration Attempt

Medium False Positive
ALR-00042 · 2026-07-10T11:02:07Z

Description

Large data transfer (2.3GB) to cloud storage from WS-PC-001 by user 'l.johnson'. Firewall DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID
ALR-00042
Timestamp
2026-07-10T11:02:07Z
Severity
Medium
Status
False Positive
Detection Source
Firewall
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
WS-PC-001
User Account
l.johnson
Source IP
91.69.195.226
Destination IP
10.0.141.183
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002
Reference
attack.mitre.org/techniques/T1567.002

Investigation Timeline

11:02:07 Event ingested by SOC365 Engine
11:02:10 EmilyAI triage started — correlation enrichment
11:02:20 EmilyAI confidence: 80% — escalated to human analyst
11:02:41 Alert assigned to analyst: Marcus Webb
11:05:05 Investigation started — querying SIEM and threat intelligence
11:08:19 Containment action taken — endpoint isolated
11:15:05 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00417 11h ago Ransomware Behaviour Detected Medium Escalated WS-PC-001
ALR-00387 11h ago Data Exfiltration Attempt Low Resolved WS-LAP-012
ALR-00131 14h ago Insider Threat Indicator Medium False Positive WS-PC-001
ALR-00192 15h ago Data Exfiltration Attempt Medium False Positive WS-PC-003
ALR-00036 20h ago Suspicious PowerShell Execution Critical Open WS-PC-001