Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:04:10 UTC

DLP Policy Violation

Low Investigating
ALR-00277 · 2026-05-26T00:36:36Z

Description

DLP policy violation: user 'm.taylor' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-002.

Alert Metadata

Alert ID: ALR-00277
Timestamp: 2026-05-26T00:36:36Z
Severity: Low
Status: Investigating
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-002
User Account: m.taylor
Source IP: 185.172.220.182
Destination IP: 10.1.24.54
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1048
Reference: attack.mitre.org/techniques/T1048

Investigation Timeline

00:36:36 Event ingested by SOC365 Engine
00:36:38 EmilyAI triage started — correlation enrichment
00:36:48 EmilyAI confidence: 95% — escalated to human analyst
00:37:18 Alert assigned to analyst: EmilyAI (auto)
00:37:55 Investigation started — querying SIEM and threat intelligence

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00063 | 4h ago | DLP Policy Violation | Low | Escalated | SRV-SQL-01 |
| ALR-00470 | 5h ago | DLP Policy Violation | Medium | False Positive | SRV-WEB-01 |
| ALR-00340 | 14h ago | Ransomware Behaviour Detected | Informational | Open | WS-PC-002 |
| ALR-00171 | 15h ago | Unusual Outbound Traffic | Low | Investigating | WS-PC-002 |
| ALR-00021 | 18h ago | Ransomware Behaviour Detected | Low | Open | WS-PC-002 |