Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:51:33 UTC

Data Exfiltration Attempt

Medium Investigating
ALR-00369 · 2026-07-09T17:55:12Z

Description

Large data transfer (2.3GB) to cloud storage from WS-MAC-005 by user 'c.williams'. Network IDS DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID
ALR-00369
Timestamp
2026-07-09T17:55:12Z
Severity
Medium
Status
Investigating
Detection Source
Network IDS
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
WS-MAC-005
User Account
c.williams
Source IP
185.222.220.55
Destination IP
10.1.222.89
Origin Country
FR France

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002
Reference
attack.mitre.org/techniques/T1567.002

Investigation Timeline

17:55:12 Event ingested by SOC365 Engine
17:55:16 EmilyAI triage started — correlation enrichment
17:55:20 EmilyAI confidence: 83% — escalated to human analyst
17:55:47 Alert assigned to analyst: James Okonkwo
17:56:28 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00331 1h ago Brute Force SSH Low Resolved WS-MAC-005
ALR-00321 2h ago Unusual Outbound Traffic Low Investigating WS-MAC-005
ALR-00076 3h ago Rogue DHCP Server Low Open WS-MAC-005
ALR-00353 7h ago Data Exfiltration Attempt Low False Positive WS-PC-003
ALR-00028 17h ago Data Exfiltration Attempt Medium Escalated SRV-DC-01