Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Data Exfiltration Attempt

Medium · Resolved
ALR-00172 · 2026-05-25T22:21:26Z

Description

Large data transfer (2.3 GB) from SRV-FILE-01 to cloud storage by the 'system' account. The firewall DLP policy triggered because sensitive documents were detected in the transfer. A transfer of this size from a file server under a service account, with a DLP hit, is the pattern MITRE classifies as Exfiltration to Cloud Storage (T1567.002).

Alert Metadata

Alert ID
ALR-00172
Timestamp
2026-05-25T22:21:26Z
Severity
Medium
Status
Resolved
Detection Source
Firewall
Assigned Analyst
Sarah Chen

Endpoint Information

Hostname
SRV-FILE-01
User Account
system
Source IP
45.187.148.181
Destination IP
10.1.49.170
Origin Country (of Source IP)
KP (North Korea)

Note: for an outbound transfer to cloud storage the file server's private address would normally be the source and the storage provider the destination. As shown, the external address is the source and SRV-FILE-01's private address (10.1.49.170) is the destination, so the record describes an inbound connection and the origin country applies to the external peer, not to the storage destination. Confirm the orientation of the connection record before treating the geolocation as the exfiltration target.

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002
Reference
attack.mitre.org/techniques/T1567.002
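The detection summarised in the Description and the direction check raised under Endpoint Information, as an added worked example (not part of the SOC365 page or product): it parses a few constructed firewall records in an assumed key=value export format, keeps only outbound flows to cloud-storage hostnames, sums bytes per host and user over a 15-minute window, and emits an alert tagged T1567.002 once the window exceeds 1 GiB. The log format, the cloud-storage suffix list, the threshold and window are assumptions; the hosts, users and IP addresses reuse values from this alert for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in an assumed key=value export format (not a real
# vendor format). Hosts, users and addresses are taken from the alert above.
SAMPLE_LOG = """\
ts=2026-05-25T22:10:03Z host=SRV-FILE-01 user=system src=10.1.49.170 dst=52.219.10.5 dst_host=bucket.s3.amazonaws.com bytes=400000000 dlp=sensitive
ts=2026-05-25T22:15:41Z host=SRV-FILE-01 user=system src=10.1.49.170 dst=52.219.10.5 dst_host=bucket.s3.amazonaws.com bytes=500000000 dlp=sensitive
ts=2026-05-25T22:21:26Z host=SRV-FILE-01 user=system src=10.1.49.170 dst=52.219.10.5 dst_host=bucket.s3.amazonaws.com bytes=1400000000 dlp=sensitive
ts=2026-05-25T22:22:10Z host=WS-LAP-010 user=jdoe src=10.1.50.21 dst=142.250.1.1 dst_host=drive.google.com bytes=40000000 dlp=none
ts=2026-05-25T22:23:02Z host=SRV-FILE-01 user=system src=45.187.148.181 dst=10.1.49.170 dst_host=- bytes=2300000000 dlp=sensitive
"""

# Assumed list of cloud-storage hostname suffixes; a real deployment would use
# a maintained category feed rather than a static tuple.
CLOUD_STORAGE_SUFFIXES = ("s3.amazonaws.com", "drive.google.com",
                          "blob.core.windows.net", "dropbox.com")
BYTES_THRESHOLD = 1 * 1024 ** 3        # 1 GiB per window (assumed tuning)
WINDOW = timedelta(minutes=15)          # sliding window per (host, user)
TECHNIQUE = "T1567.002"                 # Exfiltration to Cloud Storage


def parse_line(line):
    """Turn one key=value record into a dict with typed ts and bytes."""
    rec = dict(kv.split("=", 1) for kv in line.split())
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["bytes"] = int(rec["bytes"])
    return rec


def direction(rec):
    """Classify the flow from the src/dst address scopes.

    Exfiltration is an outbound flow: private source, public destination.
    The pair shown on this alert (public src, private dst) is inbound.
    """
    src_private = ipaddress.ip_address(rec["src"]).is_private
    dst_private = ipaddress.ip_address(rec["dst"]).is_private
    if src_private and not dst_private:
        return "outbound"
    if dst_private and not src_private:
        return "inbound"
    return "internal" if src_private else "external"


def is_cloud_storage(rec):
    return rec["dst_host"].endswith(CLOUD_STORAGE_SUFFIXES)


def detect(lines):
    """Return one alert per (host, user) whose outbound cloud-storage volume
    crosses BYTES_THRESHOLD within WINDOW. Inbound records are ignored even
    when large, which is the check the Endpoint Information caveat calls for."""
    records = sorted((parse_line(l) for l in lines if l.strip()),
                     key=lambda r: r["ts"])
    windows = defaultdict(list)
    fired = set()
    alerts = []
    for rec in records:
        if direction(rec) != "outbound" or not is_cloud_storage(rec):
            continue
        key = (rec["host"], rec["user"])
        win = windows[key]
        win.append(rec)
        while win and rec["ts"] - win[0]["ts"] > WINDOW:
            win.pop(0)
        total = sum(r["bytes"] for r in win)
        if total >= BYTES_THRESHOLD and key not in fired:
            fired.add(key)
            dlp_hit = any(r["dlp"] == "sensitive" for r in win)
            alerts.append({
                "host": rec["host"],
                "user": rec["user"],
                "dst_host": rec["dst_host"],
                "bytes_total": total,
                "window_start": win[0]["ts"].isoformat(),
                "window_end": rec["ts"].isoformat(),
                "dlp_hit": dlp_hit,
                # Assumed triage rule: a DLP hit on the same flow raises severity.
                "severity": "High" if dlp_hit else "Medium",
                "technique": TECHNIQUE,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Running it produces a single alert for SRV-FILE-01/system totalling 2,300,000,000 bytes across the three outbound records; the laptop upload stays under the threshold, and the final record, which mirrors the source/destination pair shown on this alert, is classified inbound and never counted. If your firewall export already normalises direction, replace `direction()` with that field rather than inferring it from address scope.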

Investigation Timeline

22:21:26 Event ingested by SOC365 Engine
22:21:28 EmilyAI triage started — correlation enrichment
22:21:35 EmilyAI confidence: 93% — escalated to human analyst
22:21:59 Alert assigned to analyst: Sarah Chen
22:23:27 Investigation started — querying SIEM and threat intelligence
22:27:22 Containment action taken — endpoint isolated
22:33:09 Alert resolved — remediation complete

Related Alerts

ID        | Time   | Alert                     | Severity      | Status         | Host
ALR-00290 | 2h ago | Data Exfiltration Attempt | High          | Investigating  | VM-DEV-01
ALR-00161 | 2h ago | Data Exfiltration Attempt | High          | Open           | WS-LAP-010
ALR-00295 | 10h ago | Unauthorised USB Device  | Medium        | False Positive | SRV-FILE-01
ALR-00022 | 12h ago | Failed MFA Challenge     | Informational | Open           | SRV-FILE-01
ALR-00190 | 12h ago | Data Exfiltration Attempt | Medium       | False Positive | SW-CORE-01