Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:19:12 UTC

Unusual Outbound Traffic

High Escalated
ALR-00280 · 2026-04-12T06:09:06Z

Description

Unusual outbound traffic pattern from SRV-MAIL-01 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by Attack Surface Scanner.

Alert Metadata

Alert ID: ALR-00280
Timestamp: 2026-04-12T06:09:06Z
Severity: High
Status: Escalated
Detection Source: Attack Surface Scanner
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SRV-MAIL-01
User Account: p.thomas
Source IP: 194.23.62.156
Destination IP: 10.3.89.74
Origin Country: RO (Romania)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1041
Reference: attack.mitre.org/techniques/T1041

Investigation Timeline

06:09:06 Event ingested by SOC365 Engine
06:09:07 EmilyAI triage started — correlation enrichment
06:09:15 EmilyAI confidence: 79% — escalated to human analyst
06:09:35 Alert assigned to analyst: Marcus Webb
06:11:03 Investigation started — querying SIEM and threat intelligence
06:12:46 Containment action taken — endpoint isolated
06:27:59 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity       Status          Host
ALR-00450  6h ago   Unusual Outbound Traffic       High           Investigating   SW-CORE-01
ALR-00202  7h ago   Ransomware Behaviour Detected  Medium         False Positive  SRV-MAIL-01
ALR-00232  9h ago   Rogue DHCP Server              High           Open            SRV-MAIL-01
ALR-00458  13h ago  Unusual Outbound Traffic       Informational  Investigating   SRV-FILE-01
ALR-00405  20h ago  Unusual Outbound Traffic       Low            Resolved        VM-DEV-01