Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:10:48 UTC

Data Exfiltration Attempt

Low Investigating
ALR-00298 · 2026-05-21T16:00:38Z

Description

Large data transfer (2.3GB) to cloud storage from WS-PC-003 by user 'd.walker'. Endpoint Agent DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00298
Timestamp: 2026-05-21T16:00:38Z
Severity: Low
Status: Investigating
Detection Source: Endpoint Agent
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-003
User Account: d.walker
Source IP: 185.120.220.80
Destination IP: 10.0.126.125
Origin Country: RO Romania

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

16:00:38 Event ingested by SOC365 Engine
16:00:41 EmilyAI triage started — correlation enrichment
16:00:49 EmilyAI confidence: 81% — escalated to human analyst
16:01:05 Alert assigned to analyst: EmilyAI (auto)
16:02:18 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID        | Time   | Alert                     | Severity      | Status         | Host
ALR-00383 | 6h ago | Unauthorised USB Device   | Medium        | Investigating  | WS-PC-003
ALR-00019 | 12h ago | DLP Policy Violation     | Low           | Resolved       | WS-PC-003
ALR-00197 | 21h ago | Data Exfiltration Attempt | Informational | Resolved       | AP-WIFI-03
ALR-00455 | 1d ago | Malware Signature Match   | Informational | Investigating  | WS-PC-003
ALR-00107 | 1d ago | Insider Threat Indicator  | Low           | False Positive | WS-PC-003