Data Exfiltration Attempt
Low
Investigating
ALR-00146 · 2026-07-05T11:39:03Z
Description
Large data transfer (2.3GB) to cloud storage from SRV-SQL-01 by user 'l.johnson'. SOC365 Engine DLP policy triggered — sensitive documents detected.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:39:03
Event ingested by SOC365 Engine
11:39:05
EmilyAI triage started — correlation enrichment
11:39:11
EmilyAI confidence: 82% — escalated to human analyst
11:39:43
Alert assigned to analyst: EmilyAI (auto)
11:40:05
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00044 | 15m ago | Privilege Escalation Attempt | Medium | Investigating | SRV-SQL-01 |
| ALR-00244 | 1h ago | Data Exfiltration Attempt | Low | Escalated | WS-LAP-011 |
| ALR-00082 | 3h ago | Pass-the-Hash Detected | High | Open | SRV-SQL-01 |
| ALR-00394 | 3h ago | Ransomware Behaviour Detected | Low | Open | SRV-SQL-01 |
| ALR-00480 | 4h ago | Suspicious PowerShell Execution | Medium | Resolved | SRV-SQL-01 |