Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:48:01 UTC

Shadow IT Discovery

Medium Investigating
ALR-00405 · 2026-07-10T18:14:05Z

Description

Attack Surface Scanner discovered unauthorised SaaS application (file sharing) used by 'j.smith'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID
ALR-00405
Timestamp
2026-07-10T18:14:05Z
Severity
Medium
Status
Investigating
Detection Source
Attack Surface Scanner
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
FW-EDGE-01
User Account
j.smith
Source IP
103.156.216.217
Destination IP
10.0.206.56
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567
Reference
attack.mitre.org/techniques/T1567

Investigation Timeline

18:14:05 Event ingested by SOC365 Engine
18:14:07 EmilyAI triage started — correlation enrichment
18:14:14 EmilyAI confidence: 98% — escalated to human analyst
18:14:25 Alert assigned to analyst: Marcus Webb
18:15:23 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00103 4h ago Insider Threat Indicator Medium Open FW-EDGE-01
ALR-00065 9h ago Shadow IT Discovery Low Escalated WS-LAP-011
ALR-00376 11h ago Shadow IT Discovery Medium Resolved SRV-BACKUP-01
ALR-00071 12h ago Shadow IT Discovery Informational Open SRV-FILE-01
ALR-00284 16h ago Shadow IT Discovery Informational Investigating SRV-SQL-01