Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:44:05 UTC

DLP Policy Violation

Low Resolved
ALR-00395 · 2026-07-04T22:21:06Z

Description

DLP policy violation: user 'r.davies' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-006.

Alert Metadata

Alert ID
ALR-00395
Timestamp
2026-07-04T22:21:06Z
Severity
Low
Status
Resolved
Detection Source
DLP Module
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-006
User Account
r.davies
Source IP
185.26.220.202
Destination IP
10.0.241.22
Origin Country
RO Romania

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1048
Reference
attack.mitre.org/techniques/T1048

Investigation Timeline

22:21:06 Event ingested by SOC365 Engine
22:21:11 EmilyAI triage started — correlation enrichment
22:21:12 EmilyAI confidence: 92% — escalated to human analyst
22:21:27 Alert assigned to analyst: EmilyAI (auto)
22:23:22 Investigation started — querying SIEM and threat intelligence
22:29:29 Containment action taken — endpoint isolated
22:40:08 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00319 2h ago DLP Policy Violation Informational Investigating WS-LAP-010
ALR-00221 11h ago Malware Signature Match Low Investigating WS-PC-006
ALR-00172 19h ago Rogue DHCP Server Medium Escalated WS-PC-006
ALR-00357 22h ago Ransomware Behaviour Detected Low False Positive WS-PC-006
ALR-00045 22h ago DLP Policy Violation Low False Positive SRV-SQL-01