Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:45:30 UTC

Shadow IT Discovery

Low Open
ALR-00120 · 2026-07-07T15:07:43Z

Description

DecoyPulse discovered unauthorised SaaS application (file sharing) used by 's.jones'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID
ALR-00120
Timestamp
2026-07-07T15:07:43Z
Severity
Low
Status
Open
Detection Source
DecoyPulse
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-011
User Account
s.jones
Source IP
194.161.62.189
Destination IP
10.3.8.66
Origin Country
NG Nigeria

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567
Reference
attack.mitre.org/techniques/T1567

Investigation Timeline

15:07:43 Event ingested by SOC365 Engine
15:07:44 EmilyAI triage started — correlation enrichment
15:07:48 EmilyAI confidence: 89% — escalated to human analyst
15:07:58 Alert assigned to analyst: EmilyAI (auto)
15:09:09 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00286 14h ago Pass-the-Hash Detected Low Investigating WS-LAP-011
ALR-00062 15h ago Suspicious Scheduled Task Informational Resolved WS-LAP-011
ALR-00492 17h ago Suspicious Scheduled Task Low Escalated WS-LAP-011
ALR-00377 1d ago Shadow IT Discovery Low Resolved WS-PC-001
ALR-00256 1d ago Brute Force SSH Informational Investigating WS-LAP-011