Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Data Exfiltration Attempt

Severity: Medium · Status: False Positive
ALR-00120 · 2026-04-08T17:08:37Z

Description

Large data transfer (2.3 GB) to cloud storage from SRV-BACKUP-01 by user 'k.brown'. Firewall DLP policy triggered — sensitive documents detected in the transfer.

Alert Metadata

Alert ID: ALR-00120
Timestamp: 2026-04-08T17:08:37Z
Severity: Medium
Status: False Positive
Detection Source: Firewall
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: k.brown
Source IP: 185.135.220.16
Destination IP: 10.0.45.206
Origin Country: NL Netherlands

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002 (Exfiltration to Cloud Storage)
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

17:08:37 Event ingested by SOC365 Engine
17:08:42 EmilyAI triage started — correlation enrichment
17:08:50 EmilyAI confidence: 90% — escalated to human analyst
17:09:08 Alert assigned to analyst: Emma Richardson
17:11:14 Investigation started — querying SIEM and threat intelligence
17:18:16 Containment action taken — endpoint isolated
17:27:10 Alert resolved — remediation complete

Related Alerts

ID · Time · Alert · Severity · Status · Host
ALR-00474 · 9m ago · Failed MFA Challenge · Informational · Open · SRV-BACKUP-01
ALR-00439 · 2h ago · Privilege Escalation Attempt · Low · Open · SRV-BACKUP-01
ALR-00325 · 7h ago · Data Exfiltration Attempt · Medium · Investigating · WS-PC-002
ALR-00380 · 22h ago · Insider Threat Indicator · High · Investigating · SRV-BACKUP-01
ALR-00300 · 1d ago · Data Exfiltration Attempt · Low · False Positive · FW-EDGE-01
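The checks below are an added example and are not part of the SOC365 demo or its engine. They take the simulated alert ALR-00120 and its related-alert list as shown on this page (transcribed here as constructed input), compute the time-to-assign, time-to-contain and time-to-resolve from the investigation timeline, and apply three sanity rules an analyst would want before accepting a False Positive closure: the source/destination addressing must match the transfer direction the description reports (an outbound upload should leave from an internal address to an external one), a False Positive should not normally follow a containment action, and the host should not still carry unresolved alerts at or above this alert's severity. The field names, the severity ranking and the rules themselves are this example's own assumptions.

```python
"""Closure sanity checks over a SOC alert record.

Added example, not code from the SOC365 demo. ALERT and RELATED are
transcribed from the demo's simulated alert ALR-00120; the field names,
SEVERITY_RANK and the check rules are assumptions made for this example.
"""
from datetime import datetime
import ipaddress

# Assumed ordering; Informational is the lowest tier shown on the page.
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed from the alert on the page. "direction" is this example's
# reading of the description ("transfer ... to cloud storage"): an outbound upload.
ALERT = {
    "id": "ALR-00120",
    "severity": "Medium",
    "status": "False Positive",
    "hostname": "SRV-BACKUP-01",
    "user": "k.brown",
    "source_ip": "185.135.220.16",
    "destination_ip": "10.0.45.206",
    "direction": "outbound",
    "technique": "T1567.002",
    # (clock time, phase) pairs taken from the investigation timeline
    "timeline": [
        ("17:08:37", "ingested"),
        ("17:08:42", "triage_started"),
        ("17:08:50", "escalated"),
        ("17:09:08", "assigned"),
        ("17:11:14", "investigation_started"),
        ("17:18:16", "contained"),
        ("17:27:10", "resolved"),
    ],
}

# Constructed from the Related Alerts table on the page.
RELATED = [
    {"id": "ALR-00474", "name": "Failed MFA Challenge", "severity": "Informational", "status": "Open", "host": "SRV-BACKUP-01"},
    {"id": "ALR-00439", "name": "Privilege Escalation Attempt", "severity": "Low", "status": "Open", "host": "SRV-BACKUP-01"},
    {"id": "ALR-00325", "name": "Data Exfiltration Attempt", "severity": "Medium", "status": "Investigating", "host": "WS-PC-002"},
    {"id": "ALR-00380", "name": "Insider Threat Indicator", "severity": "High", "status": "Investigating", "host": "SRV-BACKUP-01"},
    {"id": "ALR-00300", "name": "Data Exfiltration Attempt", "severity": "Low", "status": "False Positive", "host": "FW-EDGE-01"},
]


def phase_seconds(timeline):
    """Seconds from ingestion to every later phase (time-to-assign, -contain, -resolve)."""
    clock = {phase: datetime.strptime(t, "%H:%M:%S") for t, phase in timeline}
    start = clock["ingested"]
    return {phase: int((when - start).total_seconds())
            for phase, when in clock.items() if phase != "ingested"}


def direction_consistent(alert):
    """An outbound transfer should leave an internal (RFC 1918) address for a public one."""
    src = ipaddress.ip_address(alert["source_ip"])
    dst = ipaddress.ip_address(alert["destination_ip"])
    if alert["direction"] == "outbound":
        return src.is_private and dst.is_global
    return src.is_global and dst.is_private


def unresolved_on_host(alert, related, min_severity=None):
    """IDs of related alerts on the same host that are still Open or Investigating."""
    floor = SEVERITY_RANK[min_severity] if min_severity else 0
    return [r["id"] for r in related
            if r["host"] == alert["hostname"]
            and r["status"] in ("Open", "Investigating")
            and SEVERITY_RANK[r["severity"]] >= floor]


def closure_issues(alert, related):
    """Reasons to question closing this alert as a false positive."""
    issues = []
    phases = {phase for _, phase in alert["timeline"]}
    if alert["status"] == "False Positive" and "contained" in phases:
        issues.append("closed as false positive after a containment action was taken")
    if not direction_consistent(alert):
        issues.append("source/destination addressing contradicts the reported transfer direction")
    hot = unresolved_on_host(alert, related, min_severity=alert["severity"])
    if hot:
        issues.append("host still has unresolved alerts at or above this severity: " + ", ".join(hot))
    return issues


if __name__ == "__main__":
    print(phase_seconds(ALERT["timeline"]))
    for issue in closure_issues(ALERT, RELATED):
        print("-", issue)
```

Run against the record on this page, the timing function reports 31 s to assignment, 579 s to containment and 1113 s to resolution, and all three rules fire: the alert was closed as False Positive after the endpoint was isolated, the listed source address is public while the destination is RFC 1918 space (the reverse of an outbound upload to cloud storage), and SRV-BACKUP-01 still has the High "Insider Threat Indicator" ALR-00380 under investigation. In a real queue each of these is a reason to hold the closure for review rather than a verdict on its own.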