Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd · Live · 15:21:32 UTC

DLP Policy Violation

Low · Escalated
ALR-00258 · 2026-04-11T13:38:17Z

Description

DLP policy violation: user 'r.davies' attempted to email 3 files classified as 'Confidential' to external address from SRV-MAIL-01.

Alert Metadata

Alert ID
ALR-00258
Timestamp
2026-04-11T13:38:17Z
Severity
Low
Status
Escalated
Detection Source
SOC365 Engine
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-MAIL-01
User Account
r.davies
Source IP
103.110.216.130
Destination IP
10.3.160.96
Origin Country
KP (North Korea)

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1048 (Exfiltration Over Alternative Protocol)
Reference
attack.mitre.org/techniques/T1048

Investigation Timeline

13:38:17 Event ingested by SOC365 Engine
13:38:20 EmilyAI triage started — correlation enrichment
13:38:26 EmilyAI confidence: 95% — escalated to human analyst
13:38:43 Alert assigned to analyst: EmilyAI (auto)
13:39:42 Investigation started — querying SIEM and threat intelligence
13:42:53 Containment action taken — endpoint isolated
13:55:07 Alert resolved — remediation complete

Related Alerts

ID          Time     Alert                    Severity  Status         Host
ALR-00105   6h ago   DLP Policy Violation     Critical  Open           AP-WIFI-03
ALR-00483   7h ago   DLP Policy Violation     Low       Investigating  SRV-WEB-01
ALR-00175   14h ago  Malware Signature Match  Low       Resolved       SRV-MAIL-01
ALR-00096   20h ago  DLP Policy Violation     Low       Resolved       WS-MAC-005
ALR-00124   21h ago  DLP Policy Violation     Low       Investigating  WS-PC-002
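The detection and triage flow the card summarises (DLP match on labelled attachments to an external recipient, correlation enrichment against earlier alerts, mapping to T1048), as an added example that is not SOC365 or Acme code. The mail domain `acmelegal.example`, the blocked label set, the severity bump rule, the sample mail events and the prior alert are all assumptions constructed for the example. It also includes the sanity check an analyst would want on this card: the listed Source IP 103.110.216.130 is a public address and the Destination 10.3.160.96 is an RFC 1918 address, which is the reverse of what an outbound mail from SRV-MAIL-01 should show.

```python
"""Illustrative DLP alert pipeline (added example, not SOC365 or Acme code).

Turns a mail-flow event into an alert record with the fields on the card,
then applies two triage checks: correlation with prior alerts for the same
user, and a sanity check on which end of the flow is actually external.
All events, domains, labels and prior alerts below are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

INTERNAL_DOMAINS = {"acmelegal.example"}                  # assumption: org mail domain
BLOCKED_LABELS = {"Confidential", "Highly Confidential"}  # assumption: labels the policy blocks
TECHNIQUE = "T1048"  # ATT&CK Exfiltration Over Alternative Protocol; SMTP is one such protocol


@dataclass
class MailEvent:
    ts: datetime
    host: str
    user: str
    src_ip: str
    dst_ip: str
    recipients: list[str]
    attachments: dict[str, str]  # filename -> classification label


@dataclass
class Alert:
    alert_id: str
    ts: datetime
    host: str
    user: str
    severity: str
    description: str
    tactic: str = "Exfiltration"
    technique: str = TECHNIQUE
    notes: list[str] = field(default_factory=list)


def external_recipients(recipients: list[str]) -> list[str]:
    """Recipients whose mail domain is not one of ours."""
    return [r for r in recipients if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]


def evaluate(event: MailEvent, alert_id: str) -> Alert | None:
    """Raise an alert only when labelled files are addressed outside the org."""
    hits = [name for name, label in event.attachments.items() if label in BLOCKED_LABELS]
    if not hits or not external_recipients(event.recipients):
        return None
    labels = "/".join(sorted({event.attachments[n] for n in hits}))
    description = (f"DLP policy violation: user '{event.user}' attempted to email "
                   f"{len(hits)} files classified as '{labels}' to external address "
                   f"from {event.host}.")
    return Alert(alert_id, event.ts, event.host, event.user, "Low", description)


def correlate(alert: Alert, prior: list[Alert], window: timedelta = timedelta(hours=24)) -> Alert:
    """Correlation enrichment (assumed rule): repeat offenders in the window raise severity."""
    related = [p for p in prior
               if p.user == alert.user and p.technique == alert.technique
               and alert.ts - window <= p.ts < alert.ts]
    if related:
        alert.severity = "Medium" if len(related) == 1 else "High"
        alert.notes.append(f"{len(related)} prior {TECHNIQUE} alert(s) for {alert.user} in window")
    return alert


def check_flow_direction(src_ip: str, dst_ip: str) -> list[str]:
    """Outbound mail should start on an internal host and leave the network; flag the reverse."""
    notes = []
    if not ipaddress.ip_address(src_ip).is_private:
        notes.append(f"source {src_ip} is a public address, not an internal host")
    if ipaddress.ip_address(dst_ip).is_private:
        notes.append(f"destination {dst_ip} is internal; nothing left the network")
    return notes


def triage(event: MailEvent, alert_id: str, prior: list[Alert]) -> Alert | None:
    """Ingest -> DLP evaluation -> enrichment -> analyst notes, mirroring the card's timeline."""
    alert = evaluate(event, alert_id)
    if alert is None:
        return None
    alert = correlate(alert, prior)
    alert.notes.extend(check_flow_direction(event.src_ip, event.dst_ip))
    return alert


# Constructed sample data: the first event mirrors the card; the prior alert is invented.
T0 = datetime(2026, 4, 11, 13, 38, 17, tzinfo=timezone.utc)
EVENT_MATCH = MailEvent(T0, "SRV-MAIL-01", "r.davies", "103.110.216.130", "10.3.160.96",
                        ["counsel@other-firm.example"],
                        {"deal.docx": "Confidential", "nda.pdf": "Confidential",
                         "terms.xlsx": "Confidential", "logo.png": "Public"})
EVENT_INTERNAL = MailEvent(T0, "SRV-MAIL-01", "r.davies", "10.3.160.96", "10.3.160.96",
                           ["partner@acmelegal.example"], {"deal.docx": "Confidential"})
PRIOR = [Alert("ALR-00000", T0 - timedelta(hours=6), "WS-PC-002", "r.davies", "Low", "constructed")]

if __name__ == "__main__":
    result = triage(EVENT_MATCH, "ALR-00258", PRIOR)
    print(result.description, result.severity, *result.notes, sep="\n")
```

The description string is built to match the card exactly, so the same function could be checked against the dashboard's own output; the flow-direction notes are what an analyst would expect to see before accepting an "endpoint isolated" containment on a mail server.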