Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:50:45 UTC

Shadow IT Discovery

Severity: Low · Status: Escalated
ALR-00044 · 2026-04-11T01:00:02Z

Description

Endpoint Agent discovered unauthorised SaaS application (file sharing) used by 'p.thomas'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID: ALR-00044
Timestamp: 2026-04-11T01:00:02Z
Severity: Low
Status: Escalated
Detection Source: Endpoint Agent
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-WEB-01
User Account: p.thomas
Source IP: 185.178.220.206
Destination IP: 10.2.127.219
Origin Country: RU (Russia)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567
Reference: attack.mitre.org/techniques/T1567

Investigation Timeline

01:00:02 Event ingested by SOC365 Engine
01:00:03 EmilyAI triage started — correlation enrichment
01:00:07 EmilyAI confidence: 85% — escalated to human analyst
01:00:35 Alert assigned to analyst: EmilyAI (auto)
01:01:40 Investigation started — querying SIEM and threat intelligence
01:06:27 Containment action taken — endpoint isolated
01:16:30 Alert resolved — remediation complete

Related Alerts

ID         Time    Alert                         Severity       Status          Host
ALR-00441  7h ago  Shadow IT Discovery           Informational  Resolved        SRV-BACKUP-01
ALR-00347  12h ago Privilege Escalation Attempt  Informational  Investigating   SRV-WEB-01
ALR-00414  15h ago DLP Policy Violation          Informational  Investigating   SRV-WEB-01
ALR-00461  15h ago Insider Threat Indicator      Informational  Investigating   SRV-WEB-01
ALR-00350  18h ago Credential Stuffing Attempt   Medium         False Positive  SRV-WEB-01