Data Exfiltration Attempt

Informational Resolved

ALR-00258 · 2026-05-21T12:52:43Z

Description

Large data transfer (2.3GB) to cloud storage from SRV-SQL-01 by user 'e.evans'. Attack Surface Scanner DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00258
Timestamp: 2026-05-21T12:52:43Z
Severity: Informational
Status: Resolved
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-SQL-01
User Account: e.evans
Source IP: 103.214.216.74
Destination IP: 10.1.237.27
Origin Country: RU Russia

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

12:52:43 Event ingested by SOC365 Engine

12:52:48 EmilyAI triage started — correlation enrichment

12:52:54 EmilyAI confidence: 95% — escalated to human analyst

12:52:58 Alert assigned to analyst: EmilyAI (auto)

12:53:51 Investigation started — querying SIEM and threat intelligence

13:00:27 Containment action taken — endpoint isolated

13:08:06 Alert resolved — remediation complete

Related Alerts

ID	Time	Alert	Severity	Status	Host
ALR-00387	15h ago	C2 Beacon Activity	Medium	Investigating	SRV-SQL-01
ALR-00102	18h ago	Data Exfiltration Attempt	Informational	Open	WS-PC-003
ALR-00072	18h ago	Data Exfiltration Attempt	Informational	False Positive	SRV-SQL-01
ALR-00202	1d ago	Data Exfiltration Attempt	Medium	False Positive	SRV-BACKUP-01
ALR-00025	1d ago	Unauthorised USB Device	Informational	False Positive	SRV-SQL-01