Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 14:11:30 UTC

Data Exfiltration Attempt

Medium Open
ALR-00251 · 2026-04-08T20:27:58Z

Description

Large data transfer (2.3 GB) to cloud storage from SRV-BACKUP-01 by user 'k.brown'. EmilyAI Triage DLP policy triggered: sensitive documents detected.

Alert Metadata

Alert ID
ALR-00251
Timestamp
2026-04-08T20:27:58Z
Severity
Medium
Status
Open
Detection Source
EmilyAI Triage
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
k.brown
Source IP
91.144.195.104
Destination IP
10.3.125.115
Origin Country
FR France

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002
Reference
attack.mitre.org/techniques/T1567.002

Investigation Timeline

20:27:58 Event ingested by SOC365 Engine
20:28:03 EmilyAI triage started — correlation enrichment
20:28:11 EmilyAI confidence: 85% — escalated to human analyst
20:28:21 Alert assigned to analyst: Marcus Webb
20:29:28 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                      Severity       Status          Host
ALR-00411  4m ago   Tor Exit Node Connection   Low            Investigating   SRV-BACKUP-01
ALR-00090  2h ago   Phishing Email Blocked     Informational  False Positive  SRV-BACKUP-01
ALR-00176  20h ago  Data Exfiltration Attempt  Informational  Investigating   SRV-DC-01
ALR-00192  1d ago   Data Exfiltration Attempt  Low            False Positive  SRV-FILE-01
ALR-00447  1d ago   Data Exfiltration Attempt  Informational  Open            SRV-MAIL-01
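Worked triage example. This is added code, not part of the SOC365 demo and not its EmilyAI triage logic; the alert and related-alert records are constructed from the values shown on this page, and the 1 GiB "large transfer" threshold, the 24-hour correlation window, the 30-minute Tor proximity rule and the one-level severity bump are assumptions for illustration. The helper does three things an analyst picking up ALR-00251 would do by hand: sanity-check that the recorded flow matches the narrative of an upload to cloud storage (the dashboard shows a public French source address and an RFC 1918 destination, which is the reverse of an outbound upload, so that is flagged as a data-quality issue to confirm against raw flow logs before escalating), pull in related alerts on the same host that have not already been closed as false positives (here only ALR-00411, the Tor exit-node connection four minutes earlier), and turn the result into a recommended severity with the reasons spelled out.

```python
"""Triage helper for a T1567.002 (Exfiltration to Cloud Storage) alert.

Added example; not part of the SOC365 demo or its EmilyAI triage. The alert
and related-alert rows are constructed from the dashboard. The 1 GiB transfer
threshold, 24h correlation window, 30 min Tor proximity rule and the severity
bump are assumptions for illustration.
"""
import ipaddress
from datetime import timedelta

SEVERITY_RANK = ["Informational", "Low", "Medium", "High", "Critical"]

# Constructed from the dashboard fields for ALR-00251.
ALERT = {
    "id": "ALR-00251",
    "severity": "Medium",
    "host": "SRV-BACKUP-01",
    "user": "k.brown",
    "src_ip": "91.144.195.104",   # Origin Country: FR
    "dst_ip": "10.3.125.115",
    "technique": "T1567.002",
    "bytes": int(2.3 * 1024 ** 3),
}

# Constructed from the Related Alerts table; "age" is the relative time the
# dashboard shows ("4m ago", "2h ago", ...).
RELATED = [
    {"id": "ALR-00411", "age": timedelta(minutes=4), "title": "Tor Exit Node Connection",
     "severity": "Low", "status": "Investigating", "host": "SRV-BACKUP-01"},
    {"id": "ALR-00090", "age": timedelta(hours=2), "title": "Phishing Email Blocked",
     "severity": "Informational", "status": "False Positive", "host": "SRV-BACKUP-01"},
    {"id": "ALR-00176", "age": timedelta(hours=20), "title": "Data Exfiltration Attempt",
     "severity": "Informational", "status": "Investigating", "host": "SRV-DC-01"},
    {"id": "ALR-00192", "age": timedelta(days=1), "title": "Data Exfiltration Attempt",
     "severity": "Low", "status": "False Positive", "host": "SRV-FILE-01"},
    {"id": "ALR-00447", "age": timedelta(days=1), "title": "Data Exfiltration Attempt",
     "severity": "Informational", "status": "Open", "host": "SRV-MAIL-01"},
]


def check_flow_direction(src_ip: str, dst_ip: str) -> list[str]:
    """Sanity-check the recorded flow against the alert narrative.

    An upload from an internal server to cloud storage should have a private
    (RFC 1918) source and a public destination. Each returned string is a
    data-quality finding; an empty list means the fields are consistent.
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    findings = []
    if src.is_global:
        findings.append(f"source {src_ip} is a public address, not an internal host")
    if dst.is_private:
        findings.append(f"destination {dst_ip} is a private address, not cloud storage")
    if src.is_global and dst.is_private:
        findings.append("src/dst look swapped for an outbound upload; "
                        "confirm against raw flow logs before escalating")
    return findings


def related_on_host(host: str, related: list[dict],
                    window: timedelta = timedelta(hours=24)) -> list[dict]:
    """Related alerts on the same host inside the window, skipping those
    already closed as false positives."""
    return [r for r in related
            if r["host"] == host and r["age"] <= window
            and r["status"] != "False Positive"]


def triage(alert: dict, related: list[dict],
           large_transfer_bytes: int = 1024 ** 3) -> dict:
    """Recommend a severity and list the reasons and data-quality findings."""
    rank = SEVERITY_RANK.index(alert["severity"])
    reasons = []
    if alert["bytes"] >= large_transfer_bytes:
        reasons.append(f"{alert['bytes'] / 1024 ** 3:.1f} GiB transfer exceeds the "
                       f"{large_transfer_bytes / 1024 ** 3:.0f} GiB threshold")
    correlated = related_on_host(alert["host"], related)
    for r in correlated:
        reasons.append(f"{r['id']} ({r['title']}, {r['age']} earlier) on the same host")
        # Assumed rule: an anonymising-network connection shortly before a
        # large upload from a backup server is a stronger exfiltration signal.
        if "Tor" in r["title"] and r["age"] <= timedelta(minutes=30):
            rank = min(rank + 1, len(SEVERITY_RANK) - 1)
            reasons.append("Tor connection within 30 min of the transfer: "
                           "severity raised one level")
    return {
        "alert_id": alert["id"],
        "recommended_severity": SEVERITY_RANK[rank],
        "reasons": reasons,
        "data_quality": check_flow_direction(alert["src_ip"], alert["dst_ip"]),
        "correlated_ids": [r["id"] for r in correlated],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(ALERT, RELATED), indent=2))
```

Run as written it recommends raising ALR-00251 from Medium to High on the strength of the Tor connection on the same host, while reporting three data-quality findings about the source and destination addresses; in practice the severity change should wait until the flow direction has been confirmed from the raw logs.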