Data Exfiltration Attempt

Low Resolved

ALR-00161 · 2026-04-11T16:50:59Z

Description

Large data transfer (2.3GB) to cloud storage from SRV-SQL-01 by user 'l.johnson'. Dark Web Monitor DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00161
Timestamp: 2026-04-11T16:50:59Z
Severity: Low
Status: Resolved
Detection Source: Dark Web Monitor
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-SQL-01
User Account: l.johnson
Source IP: 45.166.148.75
Destination IP: 10.0.98.9
Origin Country: UA Ukraine

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

16:50:59 Event ingested by SOC365 Engine

16:51:04 EmilyAI triage started — correlation enrichment

16:51:14 EmilyAI confidence: 90% — escalated to human analyst

16:51:34 Alert assigned to analyst: EmilyAI (auto)

16:53:47 Investigation started — querying SIEM and threat intelligence

17:00:48 Containment action taken — endpoint isolated

17:10:49 Alert resolved — remediation complete

Related Alerts

ID	Time	Alert	Severity	Status	Host
ALR-00126	27m ago	Data Exfiltration Attempt	High	Open	VM-DEV-01
ALR-00299	35m ago	Data Exfiltration Attempt	Informational	Escalated	WS-PC-004
ALR-00223	6h ago	Port Scan Detected	Medium	False Positive	SRV-SQL-01
ALR-00421	15h ago	Lateral Movement Detected	Low	False Positive	SRV-SQL-01
ALR-00202	21h ago	Malware Signature Match	Critical	Investigating	SRV-SQL-01