Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Unusual Outbound Traffic

Severity: Critical · Status: Open
ALR-00333 · 2026-05-23T18:14:54Z

Description

Unusual outbound traffic pattern from SRV-DC-01 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by Attack Surface Scanner.

Alert Metadata

Alert ID: ALR-00333
Timestamp: 2026-05-23T18:14:54Z
Severity: Critical
Status: Open
Detection Source: Attack Surface Scanner
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-DC-01
User Account: c.williams
Source IP: 194.166.62.182
Destination IP: 10.3.46.211
Origin Country: RU (Russia)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1041
Reference: attack.mitre.org/techniques/T1041

Investigation Timeline

18:14:54 Event ingested by SOC365 Engine
18:14:56 EmilyAI triage started — correlation enrichment
18:15:01 EmilyAI confidence: 93% — escalated to human analyst
18:15:37 Alert assigned to analyst: Sarah Chen
18:16:26 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time    Alert                     Severity       Status         Host
ALR-00449  2h ago  Unauthorised USB Device   Medium         Open           SRV-DC-01
ALR-00478  9h ago  C2 Beacon Activity        Low            Investigating  SRV-DC-01
ALR-00165  12h ago Unusual Outbound Traffic  Informational  Resolved       WS-PC-003
ALR-00421  13h ago C2 Beacon Activity        Medium         Escalated      SRV-DC-01
ALR-00412  16h ago Pass-the-Hash Detected    Low            Escalated      SRV-DC-01