Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:05:20 UTC

Unusual Outbound Traffic

Medium Escalated
ALR-00454 · 2026-05-21T06:42:24Z

Description

Unusual outbound traffic pattern from WS-PC-006 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by Network IDS.

Alert Metadata

Alert ID: ALR-00454
Timestamp: 2026-05-21T06:42:24Z
Severity: Medium
Status: Escalated
Detection Source: Network IDS
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: WS-PC-006
User Account: m.taylor
Source IP: 103.204.216.155
Destination IP: 10.3.31.248
Origin Country: BR Brazil

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1041
Reference: attack.mitre.org/techniques/T1041

Investigation Timeline

06:42:24 Event ingested by SOC365 Engine
06:42:28 EmilyAI triage started — correlation enrichment
06:42:32 EmilyAI confidence: 92% — escalated to human analyst
06:43:08 Alert assigned to analyst: Emma Richardson
06:43:40 Investigation started — querying SIEM and threat intelligence
06:51:19 Containment action taken — endpoint isolated
06:57:32 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00276 | 2h ago | DLP Policy Violation | Low | Escalated | WS-PC-006
ALR-00278 | 8h ago | Tor Exit Node Connection | Informational | Open | WS-PC-006
ALR-00287 | 9h ago | Unusual Outbound Traffic | Medium | False Positive | WS-PC-004
ALR-00107 | 13h ago | Unusual Outbound Traffic | Low | False Positive | SRV-APP-01
ALR-00355 | 16h ago | Anomalous DNS Query | Informational | False Positive | WS-PC-006