Unusual Outbound Traffic
Low
False Positive
ALR-00107 · 2026-05-27T04:26:13Z
Description
Unusual outbound traffic pattern from SRV-APP-01 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by Cloud Connector.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
04:26:13
Event ingested by SOC365 Engine
04:26:16
EmilyAI triage started — correlation enrichment
04:26:21
EmilyAI confidence: 95% — escalated to human analyst
04:26:34
Alert assigned to analyst: EmilyAI (auto)
04:28:08
Investigation started — querying SIEM and threat intelligence
04:29:35
Containment action taken — endpoint isolated
04:41:21
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00295 | 4h ago | DLP Policy Violation | Medium | Investigating | SRV-APP-01 |
| ALR-00287 | 9h ago | Unusual Outbound Traffic | Medium | False Positive | WS-PC-004 |
| ALR-00266 | 23h ago | Unusual Outbound Traffic | Medium | Resolved | WS-MAC-005 |
| ALR-00356 | 1d ago | Unusual Outbound Traffic | Medium | Escalated | WS-PC-003 |
| ALR-00347 | 1d ago | Unusual Outbound Traffic | Low | False Positive | VM-DEV-01 |