Data Exfiltration Attempt
Medium
Resolved
ALR-00131 · 2026-07-05T00:18:02Z
Description
Large data transfer (2.3GB) to cloud storage from WS-LAP-010 by user 'a.wilson'. Dark Web Monitor DLP policy triggered — sensitive documents detected.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:18:02
Event ingested by SOC365 Engine
00:18:03
EmilyAI triage started — correlation enrichment
00:18:08
EmilyAI confidence: 94% — escalated to human analyst
00:18:28
Alert assigned to analyst: Marcus Webb
00:18:47
Investigation started — querying SIEM and threat intelligence
00:22:15
Containment action taken — endpoint isolated
00:31:45
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00046 | 9h ago | Port Scan Detected | Medium | False Positive | WS-LAP-010 |
| ALR-00182 | 12h ago | Ransomware Behaviour Detected | Low | Open | WS-LAP-010 |
| ALR-00110 | 19h ago | Data Exfiltration Attempt | Low | Open | WS-LAP-011 |
| ALR-00044 | 20h ago | Data Exfiltration Attempt | Medium | Resolved | SRV-BACKUP-01 |
| ALR-00045 | 1d ago | Privilege Escalation Attempt | Informational | Investigating | WS-LAP-010 |