Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:38:43 UTC

DLP Policy Violation

Medium Resolved
ALR-00257 · 2026-07-10T06:20:00Z

Description

DLP policy violation: user 'h.roberts' attempted to email 3 files classified as 'Confidential' to external address from WS-LAP-010.

Alert Metadata

Alert ID
ALR-00257
Timestamp
2026-07-10T06:20:00Z
Severity
Medium
Status
Resolved
Detection Source
DecoyPulse
Assigned Analyst
Emma Richardson

Endpoint Information

Hostname
WS-LAP-010
User Account
h.roberts
Source IP
194.138.62.114
Destination IP
10.1.13.177
Origin Country
DE Germany

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1048
Reference
attack.mitre.org/techniques/T1048

Investigation Timeline

06:20:00 Event ingested by SOC365 Engine
06:20:02 EmilyAI triage started — correlation enrichment
06:20:11 EmilyAI confidence: 88% — escalated to human analyst
06:20:24 Alert assigned to analyst: Emma Richardson
06:22:04 Investigation started — querying SIEM and threat intelligence
06:26:30 Containment action taken — endpoint isolated
06:36:50 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00416 2h ago DecoyPulse Honeypot Triggered Low Escalated WS-LAP-010
ALR-00451 11h ago Port Scan Detected Medium False Positive WS-LAP-010
ALR-00159 19h ago Rogue DHCP Server High Investigating WS-LAP-010
ALR-00498 22h ago DLP Policy Violation Low Escalated WS-LAP-011
ALR-00397 1d ago Brute Force SSH Low Investigating WS-LAP-010