Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Data Exfiltration Attempt

Severity: Medium · Status: Open
ALR-00329 · 2026-04-06T14:16:43Z

Description

Large data transfer (2.3GB) to cloud storage from WS-PC-003 by user 'h.roberts'. Firewall DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00329
Timestamp: 2026-04-06T14:16:43Z
Severity: Medium
Status: Open
Detection Source: Firewall
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: WS-PC-003
User Account: h.roberts
Source IP: 185.247.220.181
Destination IP: 10.2.24.187
Origin Country: Ukraine (UA)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

14:16:43 Event ingested by SOC365 Engine
14:16:44 EmilyAI triage started — correlation enrichment
14:16:56 EmilyAI confidence: 94% — escalated to human analyst
14:16:59 Alert assigned to analyst: Anika Patel
14:17:43 Investigation started — querying SIEM and threat intelligence

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00019 | 8h ago | Privilege Escalation Attempt | Informational | Resolved | WS-PC-003 |
| ALR-00135 | 9h ago | Unauthorised USB Device | Informational | False Positive | WS-PC-003 |
| ALR-00324 | 9h ago | Data Exfiltration Attempt | Medium | Investigating | SRV-BACKUP-01 |
| ALR-00013 | 10h ago | Tor Exit Node Connection | Low | Escalated | WS-PC-003 |
| ALR-00382 | 11h ago | Shadow IT Discovery | Informational | False Positive | WS-PC-003 |