Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:20:41 UTC

Data Exfiltration Attempt

Informational Investigating
ALR-00425 · 2026-04-07T06:34:45Z

Description

Large data transfer (2.3GB) to cloud storage from SRV-MAIL-01 by user 'c.williams'. DLP Module DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID
ALR-00425
Timestamp
2026-04-07T06:34:45Z
Severity
Informational
Status
Investigating
Detection Source
DLP Module
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-MAIL-01
User Account
c.williams
Source IP
103.133.216.95
Destination IP
10.3.194.37
Origin Country
VN Vietnam

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002
Reference
attack.mitre.org/techniques/T1567.002

Investigation Timeline

06:34:45 Event ingested by SOC365 Engine
06:34:48 EmilyAI triage started — correlation enrichment
06:34:58 EmilyAI confidence: 98% — escalated to human analyst
06:35:10 Alert assigned to analyst: EmilyAI (auto)
06:36:40 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00477 3h ago Data Exfiltration Attempt High Escalated WS-LAP-012
ALR-00163 6h ago Data Exfiltration Attempt Informational Resolved SRV-WEB-01
ALR-00257 13h ago Data Exfiltration Attempt Low Resolved WS-PC-006
ALR-00059 13h ago Data Exfiltration Attempt Medium False Positive WS-PC-002
ALR-00078 15h ago Malware Signature Match Medium Resolved SRV-MAIL-01