Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Unusual Outbound Traffic

Informational Escalated
ALR-00416 · 2026-04-11T10:09:38Z

Description

Unusual outbound traffic pattern from WS-LAP-011 to an IP address in Eastern Europe: 450 MB transferred over a non-standard port. Flagged by the DLP Module.

Alert Metadata

Alert ID
ALR-00416
Timestamp
2026-04-11T10:09:38Z
Severity
Informational
Status
Escalated
Detection Source
DLP Module
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-011
User Account
p.thomas
Source IP
45.40.148.36
Destination IP
10.0.160.12
Origin Country
VN Vietnam

Note: the fields above do not agree with the description. The description places the peer in Eastern Europe while Origin Country reads Vietnam, and the Source IP is a public address while the Destination IP sits in RFC 1918 space (10.0.0.0/8), which is the profile of an inbound rather than an outbound flow. Confirm direction and geolocation against the raw flow record before treating this alert as confirmed exfiltration.
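An added example, not SOC365's or the DLP Module's own code, of the kind of rule that produces an alert of this shape: flag a flow when the source is internal, the destination is external, the volume exceeds a threshold and the destination port is not on an allow-list. It runs over a few constructed flow records, including the IP pair exactly as this alert lists it (which classifies as inbound, not outbound) and the same pair with the sides swapped. The field names, the 100 MB threshold and the standard-port list are assumptions chosen for illustration.

```python
"""Added example: a direction-aware "unusual outbound traffic" rule run over
constructed flow records. Not SOC365 or DLP Module code; field names,
threshold and port list are assumptions."""
import ipaddress

# Ports treated as ordinary egress for this example (assumption).
STANDARD_PORTS = {80, 443, 53, 25, 587, 993}
# Volume above which a single flow counts as bulky (assumption).
THRESHOLD_BYTES = 100 * 1024 * 1024


def is_internal(ip: str) -> bool:
    """True for RFC 1918, loopback and link-local addresses, i.e. the corporate side."""
    return ipaddress.ip_address(ip).is_private


def direction(src_ip: str, dst_ip: str) -> str:
    """Classify a flow by which side is internal:
    'outbound', 'inbound', 'internal' (both private) or 'external' (neither)."""
    src_int, dst_int = is_internal(src_ip), is_internal(dst_ip)
    if src_int and not dst_int:
        return "outbound"
    if dst_int and not src_int:
        return "inbound"
    return "internal" if src_int else "external"


def unusual_outbound(flows, threshold=THRESHOLD_BYTES, standard_ports=STANDARD_PORTS):
    """Return one finding per flow that is outbound, at or above the volume
    threshold, and destined for a port outside the standard set."""
    findings = []
    for f in flows:
        if direction(f["src_ip"], f["dst_ip"]) != "outbound":
            continue  # inbound / internal / external flows never match this rule
        if f["bytes_out"] < threshold:
            continue
        if f["dst_port"] in standard_ports:
            continue
        findings.append({
            "host": f["host"],
            "dst_ip": f["dst_ip"],
            "dst_port": f["dst_port"],
            "mb": round(f["bytes_out"] / (1024 * 1024)),
        })
    return findings


# Constructed sample flows. The first uses the IP pair exactly as ALR-00416
# lists them (public source, private destination); the second is the same pair
# with the sides swapped, i.e. what a genuinely outbound transfer from the
# workstation would look like. Ports and byte counts are made up.
SAMPLE_FLOWS = [
    {"host": "WS-LAP-011", "src_ip": "45.40.148.36", "dst_ip": "10.0.160.12",
     "dst_port": 8443, "bytes_out": 450 * 1024 * 1024},
    {"host": "WS-LAP-011", "src_ip": "10.0.160.12", "dst_ip": "45.40.148.36",
     "dst_port": 8443, "bytes_out": 450 * 1024 * 1024},
    # Same volume on 443: bulky but on a standard port, so not flagged here.
    {"host": "WS-LAP-011", "src_ip": "10.0.160.12", "dst_ip": "45.40.148.36",
     "dst_port": 443, "bytes_out": 450 * 1024 * 1024},
    # Internal-to-internal SMB copy: never outbound.
    {"host": "WS-LAP-011", "src_ip": "10.0.160.12", "dst_ip": "10.0.20.5",
     "dst_port": 445, "bytes_out": 450 * 1024 * 1024},
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f["src_ip"], "->", f["dst_ip"], direction(f["src_ip"], f["dst_ip"]))
    for hit in unusual_outbound(SAMPLE_FLOWS):
        print("ALERT unusual outbound:", hit)
```

Only the swapped pair on port 8443 produces a finding; the pair as listed on this alert is classified inbound and drops out of the rule, which is the check an analyst should make before acting on the description alone. A bulky transfer on 443 is deliberately not caught by this rule; volume on standard ports belongs to a separate baseline-deviation rule.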

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1041 (Exfiltration Over C2 Channel)
Reference
https://attack.mitre.org/techniques/T1041/

Investigation Timeline

10:09:38 Event ingested by SOC365 Engine
10:09:40 EmilyAI triage started — correlation enrichment
10:09:46 EmilyAI confidence: 91% — escalated to human analyst
10:10:14 Alert assigned to analyst: EmilyAI (auto)
10:12:29 Investigation started — querying SIEM and threat intelligence
10:13:05 Containment action taken — endpoint isolated
10:23:04 Alert resolved — remediation complete

Related Alerts

ID          Time     Alert                      Severity       Status          Host
ALR-00419   10m ago  Unusual Outbound Traffic   Low            Open            SRV-BACKUP-01
ALR-00066   3h ago   Unusual Outbound Traffic   Medium         False Positive  FW-EDGE-01
ALR-00332   19h ago  Unusual Outbound Traffic   High           Investigating   SRV-DC-01
ALR-00141   19h ago  Unusual Outbound Traffic   Informational  Escalated       WS-LAP-010
ALR-00328   19h ago  Unusual Outbound Traffic   Informational  Escalated       WS-PC-004