Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:36:48 UTC

Data Exfiltration Attempt

Informational Investigating
ALR-00191 · 2026-07-09T09:15:58Z

Description

Large data transfer (2.3GB) to cloud storage from SRV-APP-01 by user 'h.roberts'. Network IDS DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID
ALR-00191
Timestamp
2026-07-09T09:15:58Z
Severity
Informational
Status
Investigating
Detection Source
Network IDS
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-APP-01
User Account
h.roberts
Source IP
194.137.62.222
Destination IP
10.1.240.158
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002
Reference
attack.mitre.org/techniques/T1567.002

Investigation Timeline

09:15:58 Event ingested by SOC365 Engine
09:15:59 EmilyAI triage started — correlation enrichment
09:16:12 EmilyAI confidence: 94% — escalated to human analyst
09:16:24 Alert assigned to analyst: EmilyAI (auto)
09:17:50 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00352 1h ago Pass-the-Hash Detected High Escalated SRV-APP-01
ALR-00361 5h ago Certificate Anomaly Low False Positive SRV-APP-01
ALR-00496 8h ago Brute Force SSH Low Open SRV-APP-01
ALR-00234 13h ago Rogue DHCP Server Informational Escalated SRV-APP-01
ALR-00303 15h ago Data Exfiltration Attempt Low Resolved WS-LAP-012