Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Data Exfiltration Attempt

Severity: Low · Status: Open
ALR-00378 · 2026-05-23T20:58:12Z

Description

Large data transfer (2.3 GB) to cloud storage from FW-EDGE-01 by user 'd.walker'. Endpoint Agent DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00378
Timestamp: 2026-05-23T20:58:12Z
Severity: Low
Status: Open
Detection Source: Endpoint Agent
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: FW-EDGE-01
User Account: d.walker
Source IP: 194.79.62.82
Destination IP: 10.1.194.195
Origin Country: DE (Germany)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

20:58:12 Event ingested by SOC365 Engine
20:58:14 EmilyAI triage started — correlation enrichment
20:58:18 EmilyAI confidence: 79% — escalated to human analyst
20:58:27 Alert assigned to analyst: EmilyAI (auto)
21:00:06 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time    Alert                         Severity  Status         Host
ALR-00191  1h ago  Credential Stuffing Attempt   High      Investigating  FW-EDGE-01
ALR-00442  5h ago  Anomalous DNS Query           Low       Escalated      FW-EDGE-01
ALR-00177  6h ago  DLP Policy Violation          Medium    Investigating  FW-EDGE-01
ALR-00431  9h ago  Data Exfiltration Attempt     Medium    Resolved       SRV-SQL-01
ALR-00265  10h ago Unauthorised USB Device       High      Escalated      FW-EDGE-01