Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:45:29 UTC

DLP Policy Violation

Low Escalated
ALR-00163 · 2026-07-11T05:01:49Z

Description

DLP policy violation: user 'k.brown' attempted to email 3 files classified as 'Confidential' to external address from SRV-APP-01.

Alert Metadata

Alert ID
ALR-00163
Timestamp
2026-07-11T05:01:49Z
Severity
Low
Status
Escalated
Detection Source
Network IDS
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-APP-01
User Account
k.brown
Source IP
103.209.216.211
Destination IP
10.2.239.2
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1048
Reference
attack.mitre.org/techniques/T1048

Investigation Timeline

05:01:49 Event ingested by SOC365 Engine
05:01:54 EmilyAI triage started — correlation enrichment
05:02:03 EmilyAI confidence: 94% — escalated to human analyst
05:02:27 Alert assigned to analyst: EmilyAI (auto)
05:03:05 Investigation started — querying SIEM and threat intelligence
05:06:21 Containment action taken — endpoint isolated
05:18:02 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00180 6m ago Data Exfiltration Attempt Low Resolved SRV-APP-01
ALR-00119 4h ago DLP Policy Violation Low False Positive FW-EDGE-01
ALR-00447 7h ago Kerberoasting Attempt Low Escalated SRV-APP-01
ALR-00169 12h ago Data Exfiltration Attempt Medium Escalated SRV-APP-01
ALR-00391 17h ago Malware Signature Match Informational Investigating SRV-APP-01