Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Unusual Outbound Traffic

Informational Resolved
ALR-00394 · 2026-05-25T05:55:38Z

Description

Unusual outbound traffic pattern from WS-LAP-010 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by DLP Module.

Alert Metadata

Alert ID: ALR-00394
Timestamp: 2026-05-25T05:55:38Z
Severity: Informational
Status: Resolved
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-LAP-010
User Account: d.walker
Source IP: 103.164.216.131
Destination IP: 10.1.145.185
Origin Country: UA Ukraine

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1041
Reference: attack.mitre.org/techniques/T1041

Investigation Timeline

05:55:38 Event ingested by SOC365 Engine
05:55:42 EmilyAI triage started — correlation enrichment
05:55:48 EmilyAI confidence: 87% — escalated to human analyst
05:56:15 Alert assigned to analyst: EmilyAI (auto)
05:56:37 Investigation started — querying SIEM and threat intelligence
06:04:45 Containment action taken — endpoint isolated
06:12:13 Alert resolved — remediation complete

Related Alerts

ID          Time     Alert                      Severity   Status          Host
ALR-00376   5h ago   Unusual Outbound Traffic   High       Escalated       SRV-DC-01
ALR-00177   16h ago  Unusual Outbound Traffic   Critical   Escalated       SRV-APP-01
ALR-00211   1d ago   Data Exfiltration Attempt  Low        Investigating   WS-LAP-010
ALR-00116   1d ago   Unusual Outbound Traffic   Medium     False Positive  SW-CORE-01
ALR-00347   1d ago   Tor Exit Node Connection   Low        Open            WS-LAP-010