Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:23:28 UTC

Shadow IT Discovery

Medium Investigating
ALR-00190 · 2026-05-24T19:05:07Z

Description

SOC365 Engine discovered unauthorised SaaS application (file sharing) used by 'p.thomas'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID: ALR-00190
Timestamp: 2026-05-24T19:05:07Z
Severity: Medium
Status: Investigating
Detection Source: SOC365 Engine
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: VM-DEV-01
User Account: p.thomas
Source IP: 185.222.220.217
Destination IP: 10.1.181.140
Origin Country: Russia (RU)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567
Reference: attack.mitre.org/techniques/T1567

Investigation Timeline

19:05:07 Event ingested by SOC365 Engine
19:05:09 EmilyAI triage started — correlation enrichment
19:05:21 EmilyAI confidence: 82% — escalated to human analyst
19:05:49 Alert assigned to analyst: James Okonkwo
19:07:35 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00125 | 2h ago | Shadow IT Discovery | Low | Resolved | SRV-BACKUP-01
ALR-00023 | 6h ago | Shadow IT Discovery | Informational | Resolved | SRV-FILE-01
ALR-00258 | 10h ago | Shadow IT Discovery | Informational | Investigating | SRV-BACKUP-01
ALR-00417 | 11h ago | Shadow IT Discovery | Low | False Positive | WS-LAP-011
ALR-00002 | 18h ago | Shadow IT Discovery | Low | False Positive | WS-LAP-012