Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Shadow IT Discovery

Medium Resolved
ALR-00176 · 2026-04-10T08:50:00Z

Description

DecoyPulse discovered unauthorised SaaS application (file sharing) used by 'l.johnson'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID: ALR-00176
Timestamp: 2026-04-10T08:50:00Z
Severity: Medium
Status: Resolved
Detection Source: DecoyPulse
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: AP-WIFI-03
User Account: l.johnson
Source IP: 194.6.62.209
Destination IP: 10.1.155.197
Origin Country: United States

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567
Reference: attack.mitre.org/techniques/T1567

Investigation Timeline

08:50:00 Event ingested by SOC365 Engine
08:50:05 EmilyAI triage started — correlation enrichment
08:50:06 EmilyAI confidence: 90% — escalated to human analyst
08:50:45 Alert assigned to analyst: Marcus Webb
08:51:31 Investigation started — querying SIEM and threat intelligence
08:53:16 Containment action taken — endpoint isolated
09:01:59 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                Severity  Status         Host
ALR-00465  8h ago   Shadow IT Discovery  Medium    Escalated      SRV-SQL-01
ALR-00204  11h ago  Anomalous DNS Query  Low       Investigating  AP-WIFI-03
ALR-00182  14h ago  Shadow IT Discovery  Low       Investigating  AP-WIFI-03
ALR-00429  1d ago   Shadow IT Discovery  Medium    Investigating  SW-CORE-01
ALR-00159  2d ago   Shadow IT Discovery  Low       Investigating  WS-LAP-010