Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:43:24 UTC

Unusual Outbound Traffic

Low False Positive
ALR-00212 · 2026-07-09T23:20:07Z

Description

Unusual outbound traffic pattern from WS-PC-004 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by Network IDS.

Alert Metadata

Alert ID
ALR-00212
Timestamp
2026-07-09T23:20:07Z
Severity
Low
Status
False Positive
Detection Source
Network IDS
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-004
User Account
r.davies
Source IP
194.19.62.124
Destination IP
10.3.106.64
Origin Country
FR France

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1041
Reference
attack.mitre.org/techniques/T1041

Investigation Timeline

23:20:07 Event ingested by SOC365 Engine
23:20:11 EmilyAI triage started — correlation enrichment
23:20:14 EmilyAI confidence: 96% — escalated to human analyst
23:20:37 Alert assigned to analyst: EmilyAI (auto)
23:22:30 Investigation started — querying SIEM and threat intelligence
23:29:20 Containment action taken — endpoint isolated
23:34:26 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00260 3h ago Ransomware Behaviour Detected Informational Escalated WS-PC-004
ALR-00134 6h ago Unusual Outbound Traffic Informational Resolved SRV-BACKUP-01
ALR-00370 7h ago Unusual Outbound Traffic Medium Escalated SRV-WEB-01
ALR-00010 8h ago Failed MFA Challenge Informational Open WS-PC-004
ALR-00190 13h ago Unusual Outbound Traffic Informational Escalated SRV-DC-01