Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Data Exfiltration Attempt

Severity: Informational · Status: Resolved
Alert ID: ALR-00178 · Timestamp: 2026-05-26T07:31:59Z

Description

Large data transfer (2.3GB) to cloud storage from VM-DEV-01 by user 'e.evans'. Firewall DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00178
Timestamp: 2026-05-26T07:31:59Z
Severity: Informational
Status: Resolved
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: VM-DEV-01
User Account: e.evans
Source IP: 91.11.195.190
Destination IP: 10.1.232.108
Origin Country: BR (Brazil)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

07:31:59 Event ingested by SOC365 Engine
07:32:01 EmilyAI triage started — correlation enrichment
07:32:14 EmilyAI confidence: 85% — escalated to human analyst
07:32:19 Alert assigned to analyst: EmilyAI (auto)
07:34:59 Investigation started — querying SIEM and threat intelligence
07:38:21 Containment action taken — endpoint isolated
07:46:07 Alert resolved — remediation complete

Related Alerts

ID        | Time    | Alert                     | Severity      | Status         | Host
ALR-00044 | 11h ago | Data Exfiltration Attempt | Medium        | False Positive | WS-LAP-011
ALR-00108 | 12h ago | Shadow IT Discovery       | Informational | Escalated      | VM-DEV-01
ALR-00162 | 12h ago | Data Exfiltration Attempt | Medium        | Investigating  | SRV-SQL-01
ALR-00067 | 13h ago | Insider Threat Indicator  | Low           | Resolved       | VM-DEV-01
ALR-00390 | 16h ago | Data Exfiltration Attempt | Medium        | Resolved       | WS-PC-004