Data Exfiltration Attempt
Low
Escalated
ALR-00147 · 2026-07-09T11:33:56Z
Description
Large data transfer (2.3GB) to cloud storage from WS-PC-006 by user 'n.clark'. Network IDS DLP policy triggered — sensitive documents detected.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:33:56
Event ingested by SOC365 Engine
11:34:01
EmilyAI triage started — correlation enrichment
11:34:01
EmilyAI confidence: 83% — escalated to human analyst
11:34:22
Alert assigned to analyst: EmilyAI (auto)
11:36:52
Investigation started — querying SIEM and threat intelligence
11:39:21
Containment action taken — endpoint isolated
11:50:40
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00476 | 6h ago | Kerberoasting Attempt | Low | Investigating | WS-PC-006 |
| ALR-00099 | 7h ago | Ransomware Behaviour Detected | Low | Escalated | WS-PC-006 |
| ALR-00137 | 12h ago | DecoyPulse Honeypot Triggered | Low | Investigating | WS-PC-006 |
| ALR-00419 | 14h ago | Credential Stuffing Attempt | Informational | Open | WS-PC-006 |
| ALR-00366 | 15h ago | Tor Exit Node Connection | Informational | Escalated | WS-PC-006 |