Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:51:18 UTC

Unusual Outbound Traffic

Low Resolved
ALR-00449 · 2026-07-05T20:49:45Z

Description

Unusual outbound traffic pattern from WS-LAP-012 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by DLP Module.

Alert Metadata

Alert ID
ALR-00449
Timestamp
2026-07-05T20:49:45Z
Severity
Low
Status
Resolved
Detection Source
DLP Module
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-012
User Account
r.davies
Source IP
45.144.148.124
Destination IP
10.2.186.114
Origin Country
GB United Kingdom

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1041
Reference
attack.mitre.org/techniques/T1041

Investigation Timeline

20:49:45 Event ingested by SOC365 Engine
20:49:50 EmilyAI triage started — correlation enrichment
20:49:58 EmilyAI confidence: 89% — escalated to human analyst
20:50:23 Alert assigned to analyst: EmilyAI (auto)
20:52:31 Investigation started — querying SIEM and threat intelligence
20:56:07 Containment action taken — endpoint isolated
21:09:04 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00412 2h ago Credential Stuffing Attempt Informational False Positive WS-LAP-012
ALR-00369 4h ago Privilege Escalation Attempt Informational Investigating WS-LAP-012
ALR-00073 6h ago Suspicious Scheduled Task Low Resolved WS-LAP-012
ALR-00054 14h ago DecoyPulse Honeypot Triggered Informational Open WS-LAP-012
ALR-00131 17h ago Unusual Outbound Traffic Informational Open SRV-APP-01