Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:39:25 UTC

DLP Policy Violation

Informational Open
ALR-00222 · 2026-07-09T05:43:34Z

Description

DLP policy violation: user 'l.johnson' attempted to email 3 files classified as 'Confidential' to external address from SRV-APP-01.

Alert Metadata

Alert ID
ALR-00222
Timestamp
2026-07-09T05:43:34Z
Severity
Informational
Status
Open
Detection Source
DLP Module
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-APP-01
User Account
l.johnson
Source IP
103.160.216.231
Destination IP
10.0.250.215
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1048
Reference
attack.mitre.org/techniques/T1048

Investigation Timeline

05:43:34 Event ingested by SOC365 Engine
05:43:36 EmilyAI triage started — correlation enrichment
05:43:40 EmilyAI confidence: 89% — escalated to human analyst
05:44:12 Alert assigned to analyst: EmilyAI (auto)
05:45:30 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00211 3h ago Anomalous DNS Query Medium False Positive SRV-APP-01
ALR-00064 8h ago Ransomware Behaviour Detected Medium Escalated SRV-APP-01
ALR-00269 11h ago DLP Policy Violation Informational False Positive SRV-SQL-01
ALR-00284 13h ago Certificate Anomaly Low Investigating SRV-APP-01
ALR-00217 18h ago Port Scan Detected Low Investigating SRV-APP-01