Data Exfiltration Attempt

Medium Escalated

ALR-00267 · 2026-04-09T01:58:42Z

Description

Large data transfer (2.3GB) to cloud storage from WS-MAC-005 by user 'c.williams'. EmilyAI Triage DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00267
Timestamp: 2026-04-09T01:58:42Z
Severity: Medium
Status: Escalated
Detection Source: EmilyAI Triage
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: WS-MAC-005
User Account: c.williams
Source IP: 103.36.216.80
Destination IP: 10.3.38.69
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

01:58:42 Event ingested by SOC365 Engine

01:58:43 EmilyAI triage started — correlation enrichment

01:58:56 EmilyAI confidence: 88% — escalated to human analyst

01:58:58 Alert assigned to analyst: Marcus Webb

02:00:53 Investigation started — querying SIEM and threat intelligence

02:04:06 Containment action taken — endpoint isolated

02:15:03 Alert resolved — remediation complete

Related Alerts

ID	Time	Alert	Severity	Status	Host
ALR-00317	28m ago	Ransomware Behaviour Detected	Low	False Positive	WS-MAC-005
ALR-00035	3h ago	Data Exfiltration Attempt	Informational	Escalated	SRV-APP-01
ALR-00184	5h ago	Data Exfiltration Attempt	Medium	Escalated	WS-LAP-010
ALR-00067	7h ago	Data Exfiltration Attempt	Informational	Investigating	WS-PC-003
ALR-00054	13h ago	Data Exfiltration Attempt	Low	Open	SRV-WEB-01