Unusual Outbound Traffic
Medium
Resolved
ALR-00082 · 2026-07-07T09:49:10Z
Description
Unusual outbound traffic pattern from SW-CORE-01 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by DLP Module.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
09:49:10
Event ingested by SOC365 Engine
09:49:13
EmilyAI triage started — correlation enrichment
09:49:15
EmilyAI confidence: 90% — escalated to human analyst
09:49:25
Alert assigned to analyst: Marcus Webb
09:51:53
Investigation started — querying SIEM and threat intelligence
09:57:31
Containment action taken — endpoint isolated
10:01:14
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00167 | 8h ago | Unusual Outbound Traffic | Informational | Investigating | WS-PC-002 |
| ALR-00449 | 15h ago | Port Scan Detected | Low | Open | SW-CORE-01 |
| ALR-00375 | 15h ago | DLP Policy Violation | Informational | Investigating | SW-CORE-01 |
| ALR-00384 | 17h ago | Unusual Outbound Traffic | Informational | Escalated | SRV-FILE-01 |
| ALR-00155 | 17h ago | Tor Exit Node Connection | Low | Investigating | SW-CORE-01 |