Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:44:36 UTC

Data Exfiltration Attempt

Medium Resolved
ALR-00131 · 2026-07-05T00:18:02Z

Description

Large data transfer (2.3GB) to cloud storage from WS-LAP-010 by user 'a.wilson'. Dark Web Monitor DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID
ALR-00131
Timestamp
2026-07-05T00:18:02Z
Severity
Medium
Status
Resolved
Detection Source
Dark Web Monitor
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
WS-LAP-010
User Account
a.wilson
Source IP
45.50.148.185
Destination IP
10.3.39.77
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002
Reference
attack.mitre.org/techniques/T1567.002

Investigation Timeline

00:18:02 Event ingested by SOC365 Engine
00:18:03 EmilyAI triage started — correlation enrichment
00:18:08 EmilyAI confidence: 94% — escalated to human analyst
00:18:28 Alert assigned to analyst: Marcus Webb
00:18:47 Investigation started — querying SIEM and threat intelligence
00:22:15 Containment action taken — endpoint isolated
00:31:45 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00046 9h ago Port Scan Detected Medium False Positive WS-LAP-010
ALR-00182 12h ago Ransomware Behaviour Detected Low Open WS-LAP-010
ALR-00110 19h ago Data Exfiltration Attempt Low Open WS-LAP-011
ALR-00044 20h ago Data Exfiltration Attempt Medium Resolved SRV-BACKUP-01
ALR-00045 1d ago Privilege Escalation Attempt Informational Investigating WS-LAP-010