Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

DLP Policy Violation

Medium Resolved
ALR-00202 · 2026-04-09T12:39:15Z

Description

DLP policy violation: user 'p.thomas' attempted to email 3 files classified as 'Confidential' to an external address from SRV-WEB-01.

Alert Metadata

Alert ID: ALR-00202
Timestamp: 2026-04-09T12:39:15Z
Severity: Medium
Status: Resolved
Detection Source: Dark Web Monitor
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SRV-WEB-01
User Account: p.thomas
Source IP: 103.18.216.97
Destination IP: 10.3.246.107
Origin Country: US (United States)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1048
Reference: attack.mitre.org/techniques/T1048

Investigation Timeline

12:39:15 Event ingested by SOC365 Engine
12:39:17 EmilyAI triage started — correlation enrichment
12:39:23 EmilyAI confidence: 94% — escalated to human analyst
12:39:48 Alert assigned to analyst: Marcus Webb
12:41:39 Investigation started — querying SIEM and threat intelligence
12:43:52 Containment action taken — endpoint isolated
12:58:04 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00112 | 3h ago | DLP Policy Violation | High | Escalated | WS-MAC-005
ALR-00308 | 8h ago | Malware Signature Match | Low | Escalated | SRV-WEB-01
ALR-00058 | 9h ago | Ransomware Behaviour Detected | High | Investigating | SRV-WEB-01
ALR-00390 | 13h ago | Rogue DHCP Server | Low | Investigating | SRV-WEB-01
ALR-00254 | 20h ago | Suspicious Scheduled Task | Informational | Investigating | SRV-WEB-01