Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 19:10:46 UTC

Shadow IT Discovery

Low Open
ALR-00343 · 2026-05-27T05:51:51Z

Description

DLP Module discovered unauthorised SaaS application (file sharing) used by 'c.williams'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID: ALR-00343
Timestamp: 2026-05-27T05:51:51Z
Severity: Low
Status: Open
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-MAC-005
User Account: c.williams
Source IP: 91.30.195.145
Destination IP: 10.3.193.30
Origin Country: IR Iran

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567
Reference: attack.mitre.org/techniques/T1567

Investigation Timeline

05:51:51 Event ingested by SOC365 Engine
05:51:55 EmilyAI triage started — correlation enrichment
05:51:59 EmilyAI confidence: 81% — escalated to human analyst
05:52:26 Alert assigned to analyst: EmilyAI (auto)
05:53:52 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00376 | 5h ago | Lateral Movement Detected | Informational | Investigating | WS-MAC-005
ALR-00106 | 6h ago | Shadow IT Discovery | Informational | Investigating | WS-PC-001
ALR-00236 | 10h ago | Rogue DHCP Server | Informational | Investigating | WS-MAC-005
ALR-00020 | 11h ago | Shadow IT Discovery | Low | Investigating | SW-CORE-01
ALR-00392 | 13h ago | Shadow IT Discovery | Low | Open | WS-PC-006