Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd · Live · 18:23:54 UTC

DLP Policy Violation

Severity: High · Status: Open
ALR-00309 · 2026-04-12T12:55:18Z

Description

DLP policy violation: user 'system' attempted to email 3 files classified as 'Confidential' to an external address from FW-EDGE-01.

Alert Metadata

Alert ID: ALR-00309
Timestamp: 2026-04-12T12:55:18Z
Severity: High
Status: Open
Detection Source: Firewall
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: FW-EDGE-01
User Account: system
Source IP: 45.106.148.181
Destination IP: 10.3.48.40
Origin Country: GB (United Kingdom)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1048
Reference: attack.mitre.org/techniques/T1048

Investigation Timeline

12:55:18 Event ingested by SOC365 Engine
12:55:23 EmilyAI triage started — correlation enrichment
12:55:32 EmilyAI confidence: 80% — escalated to human analyst
12:55:51 Alert assigned to analyst: James Okonkwo
12:56:40 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                        Severity  Status          Host
ALR-00201  2h ago   Credential Stuffing Attempt  Low       Open            FW-EDGE-01
ALR-00460  4h ago   Malware Signature Match      Low       Investigating   FW-EDGE-01
ALR-00374  7h ago   DLP Policy Violation         Medium    Investigating   FW-EDGE-01
ALR-00276  10h ago  DLP Policy Violation         Low       False Positive  SRV-MAIL-01
ALR-00225  18h ago  Shadow IT Discovery          Low       False Positive  FW-EDGE-01