Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:52:18 UTC

Data Exfiltration Attempt

Severity: Medium · Status: False Positive
ALR-00077 · 2026-04-09T18:03:16Z

Description

Large data transfer (2.3GB) to cloud storage from SRV-FILE-01 by user 'h.roberts'. DecoyPulse DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00077
Timestamp: 2026-04-09T18:03:16Z
Severity: Medium
Status: False Positive
Detection Source: DecoyPulse
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-FILE-01
User Account: h.roberts
Source IP: 194.140.62.94
Destination IP: 10.3.173.206
Origin Country: Nigeria (NG)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

18:03:16 Event ingested by SOC365 Engine
18:03:19 EmilyAI triage started — correlation enrichment
18:03:31 EmilyAI confidence: 93% — escalated to human analyst
18:03:46 Alert assigned to analyst: Sarah Chen
18:06:01 Investigation started — querying SIEM and threat intelligence
18:12:47 Containment action taken — endpoint isolated
18:21:19 Alert resolved — remediation complete

Related Alerts

ID        | Time   | Alert                          | Severity      | Status        | Host
ALR-00429 | 9h ago  | Ransomware Behaviour Detected  | Medium        | Resolved      | SRV-FILE-01
ALR-00332 | 12h ago | Data Exfiltration Attempt      | Low           | Investigating | SRV-BACKUP-01
ALR-00066 | 14h ago | Data Exfiltration Attempt      | Low           | Open          | SRV-BACKUP-01
ALR-00398 | 14h ago | DecoyPulse Honeypot Triggered  | Informational | Resolved      | SRV-FILE-01
ALR-00401 | 17h ago | Data Exfiltration Attempt      | Low           | Investigating | WS-MAC-005