Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:51:19 UTC

Shadow IT Discovery

Medium Escalated
ALR-00131 · 2026-07-08T13:50:53Z

Description

DLP Module discovered unauthorised SaaS application (file sharing) used by 'c.williams'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID
ALR-00131
Timestamp
2026-07-08T13:50:53Z
Severity
Medium
Status
Escalated
Detection Source
DLP Module
Assigned Analyst
Sarah Chen

Endpoint Information

Hostname
SRV-FILE-01
User Account
c.williams
Source IP
91.97.195.75
Destination IP
10.1.182.29
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567
Reference
attack.mitre.org/techniques/T1567

Investigation Timeline

13:50:53 Event ingested by SOC365 Engine
13:50:56 EmilyAI triage started — correlation enrichment
13:51:06 EmilyAI confidence: 88% — escalated to human analyst
13:51:35 Alert assigned to analyst: Sarah Chen
13:53:52 Investigation started — querying SIEM and threat intelligence
14:00:20 Containment action taken — endpoint isolated
14:09:38 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00150 9h ago Shadow IT Discovery Informational Investigating WS-PC-004
ALR-00057 9h ago Shadow IT Discovery Informational False Positive SW-CORE-01
ALR-00306 10h ago Malware Signature Match High Open SRV-FILE-01
ALR-00281 11h ago Shadow IT Discovery Low False Positive SRV-DC-01
ALR-00309 16h ago Shadow IT Discovery Low Open SRV-SQL-01