Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:46:23 UTC

Shadow IT Discovery

Low Escalated
ALR-00385 · 2026-07-11T15:01:33Z

Description

Network IDS discovered unauthorised SaaS application (file sharing) used by 'd.walker'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID
ALR-00385
Timestamp
2026-07-11T15:01:33Z
Severity
Low
Status
Escalated
Detection Source
Network IDS
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-WEB-01
User Account
d.walker
Source IP
103.254.216.215
Destination IP
10.3.62.136
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567
Reference
attack.mitre.org/techniques/T1567

Investigation Timeline

15:01:33 Event ingested by SOC365 Engine
15:01:34 EmilyAI triage started — correlation enrichment
15:01:42 EmilyAI confidence: 94% — escalated to human analyst
15:02:16 Alert assigned to analyst: EmilyAI (auto)
15:03:44 Investigation started — querying SIEM and threat intelligence
15:05:28 Containment action taken — endpoint isolated
15:19:03 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00168 5h ago Shadow IT Discovery Critical Escalated SW-CORE-01
ALR-00112 6h ago Shadow IT Discovery Critical Escalated WS-PC-006
ALR-00407 18h ago Shadow IT Discovery Informational False Positive WS-LAP-010
ALR-00202 19h ago Credential Stuffing Attempt Medium Resolved SRV-WEB-01
ALR-00218 20h ago Privilege Escalation Attempt Informational Escalated SRV-WEB-01