Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:25:36 UTC

Shadow IT Discovery

Low Investigating
ALR-00188 · 2026-05-22T14:23:53Z

Description

DecoyPulse discovered unauthorised SaaS application (file sharing) used by 'j.smith'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID: ALR-00188
Timestamp: 2026-05-22T14:23:53Z
Severity: Low
Status: Investigating
Detection Source: DecoyPulse
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-001
User Account: j.smith
Source IP: 91.115.195.154
Destination IP: 10.0.144.228
Origin Country: RU Russia

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567
Reference: attack.mitre.org/techniques/T1567

Investigation Timeline

14:23:53 Event ingested by SOC365 Engine
14:23:58 EmilyAI triage started — correlation enrichment
14:23:59 EmilyAI confidence: 92% — escalated to human analyst
14:24:35 Alert assigned to analyst: EmilyAI (auto)
14:24:50 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00198 | 17h ago | Suspicious PowerShell Execution | Medium | Resolved | WS-PC-001
ALR-00206 | 20h ago | Shadow IT Discovery | High | Escalated | SRV-SQL-01
ALR-00104 | 23h ago | C2 Beacon Activity | Informational | Escalated | WS-PC-001
ALR-00021 | 1d ago | Privilege Escalation Attempt | Medium | Resolved | WS-PC-001
ALR-00030 | 1d ago | Shadow IT Discovery | Critical | Escalated | WS-PC-006