Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:41:58 UTC

Unusual Outbound Traffic

Medium Investigating
ALR-00090 · 2026-07-07T17:30:23Z

Description

Unusual outbound traffic pattern from WS-PC-002 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by DecoyPulse.

Alert Metadata

Alert ID
ALR-00090
Timestamp
2026-07-07T17:30:23Z
Severity
Medium
Status
Investigating
Detection Source
DecoyPulse
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
WS-PC-002
User Account
e.evans
Source IP
185.234.220.210
Destination IP
10.0.214.28
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1041
Reference
attack.mitre.org/techniques/T1041

Investigation Timeline

17:30:23 Event ingested by SOC365 Engine
17:30:28 EmilyAI triage started — correlation enrichment
17:30:33 EmilyAI confidence: 83% — escalated to human analyst
17:30:40 Alert assigned to analyst: James Okonkwo
17:32:47 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00167 8h ago Unusual Outbound Traffic Informational Investigating WS-PC-002
ALR-00237 13h ago Rogue DHCP Server Medium False Positive WS-PC-002
ALR-00007 14h ago Malware Signature Match Informational False Positive WS-PC-002
ALR-00128 15h ago DLP Policy Violation Low Investigating WS-PC-002
ALR-00379 16h ago Rogue DHCP Server Informational Investigating WS-PC-002