Data Exfiltration Attempt

Low Open

ALR-00098 · 2026-05-24T12:20:11Z

Description

Large data transfer (2.3GB) to cloud storage from WS-LAP-011 by user 'c.williams'. Cloud Connector DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00098
Timestamp: 2026-05-24T12:20:11Z
Severity: Low
Status: Open
Detection Source: Cloud Connector
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-LAP-011
User Account: c.williams
Source IP: 185.35.220.252
Destination IP: 10.3.9.178
Origin Country: DE Germany

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

12:20:11 Event ingested by SOC365 Engine

12:20:16 EmilyAI triage started — correlation enrichment

12:20:24 EmilyAI confidence: 95% — escalated to human analyst

12:20:32 Alert assigned to analyst: EmilyAI (auto)

12:23:09 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID	Time	Alert	Severity	Status	Host
ALR-00093	6h ago	Insider Threat Indicator	Informational	Escalated	WS-LAP-011
ALR-00011	7h ago	Data Exfiltration Attempt	High	Escalated	SRV-WEB-01
ALR-00094	9h ago	Data Exfiltration Attempt	Informational	Resolved	WS-PC-006
ALR-00406	10h ago	Data Exfiltration Attempt	Informational	False Positive	SRV-WEB-01
ALR-00331	12h ago	Data Exfiltration Attempt	Informational	Resolved	AP-WIFI-03