Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:45:30 UTC

Unusual Outbound Traffic

Informational Investigating
ALR-00278 · 2026-07-05T11:34:49Z

Description

Unusual outbound traffic pattern from FW-EDGE-01 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by Email Gateway.

Alert Metadata

Alert ID
ALR-00278
Timestamp
2026-07-05T11:34:49Z
Severity
Informational
Status
Investigating
Detection Source
Email Gateway
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
FW-EDGE-01
User Account
h.roberts
Source IP
185.168.220.220
Destination IP
10.0.9.186
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1041
Reference
attack.mitre.org/techniques/T1041

Investigation Timeline

11:34:49 Event ingested by SOC365 Engine
11:34:50 EmilyAI triage started — correlation enrichment
11:35:02 EmilyAI confidence: 83% — escalated to human analyst
11:35:17 Alert assigned to analyst: EmilyAI (auto)
11:36:22 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00119 4h ago DLP Policy Violation Low False Positive FW-EDGE-01
ALR-00034 5h ago Unusual Outbound Traffic Low Escalated SRV-FILE-01
ALR-00301 20h ago DecoyPulse Honeypot Triggered Low Resolved FW-EDGE-01
ALR-00166 1d ago Unusual Outbound Traffic Low Investigating SRV-SQL-01
ALR-00292 1d ago Insider Threat Indicator High Investigating FW-EDGE-01