Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:04:50 UTC

Data Exfiltration Attempt

Severity: Informational · Status: Resolved
ALR-00146 · 2026-05-22T16:03:27Z

Description

Large data transfer (2.3GB) to cloud storage from SRV-WEB-01 by user 's.jones'. Cloud Connector DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00146
Timestamp: 2026-05-22T16:03:27Z
Severity: Informational
Status: Resolved
Detection Source: Cloud Connector
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-WEB-01
User Account: s.jones
Source IP: 91.2.195.120
Destination IP: 10.1.170.49
Origin Country: North Korea (KP)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

16:03:27 Event ingested by SOC365 Engine
16:03:32 EmilyAI triage started — correlation enrichment
16:03:35 EmilyAI confidence: 94% — escalated to human analyst
16:04:06 Alert assigned to analyst: EmilyAI (auto)
16:05:57 Investigation started — querying SIEM and threat intelligence
16:11:55 Containment action taken — endpoint isolated
16:16:01 Alert resolved — remediation complete

Related Alerts

ID          Time     Alert                       Severity       Status          Host
ALR-00148   4h ago   Unusual Outbound Traffic    Informational  False Positive  SRV-WEB-01
ALR-00470   5h ago   DLP Policy Violation        Medium         False Positive  SRV-WEB-01
ALR-00082   6h ago   Rogue DHCP Server           Medium         Investigating   SRV-WEB-01
ALR-00174   14h ago  Certificate Anomaly         Informational  False Positive  SRV-WEB-01
ALR-00363   21h ago  Data Exfiltration Attempt   Medium         Open            WS-LAP-010