Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:09:54 UTC

Data Exfiltration Attempt

Informational False Positive
ALR-00457 · 2026-05-22T01:28:07Z

Description

Large data transfer (2.3GB) to cloud storage from SRV-BACKUP-01 by user 'm.taylor'. Attack Surface Scanner DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00457
Timestamp: 2026-05-22T01:28:07Z
Severity: Informational
Status: False Positive
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: m.taylor
Source IP: 45.28.148.36
Destination IP: 10.0.62.196
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

01:28:07 Event ingested by SOC365 Engine
01:28:09 EmilyAI triage started — correlation enrichment
01:28:13 EmilyAI confidence: 81% — escalated to human analyst
01:28:41 Alert assigned to analyst: EmilyAI (auto)
01:29:20 Investigation started — querying SIEM and threat intelligence
01:33:16 Containment action taken — endpoint isolated
01:43:33 Alert resolved — remediation complete

Related Alerts

ID        | Time   | Alert                     | Severity      | Status        | Host
ALR-00461 | 1m ago | Data Exfiltration Attempt | Informational | Investigating | SW-CORE-01
ALR-00194 | 1h ago | Brute Force SSH           | Medium        | Escalated     | SRV-BACKUP-01
ALR-00451 | 4h ago | Data Exfiltration Attempt | Medium        | Investigating | WS-LAP-011
ALR-00212 | 11h ago | Data Exfiltration Attempt | Medium       | Open          | WS-PC-006
ALR-00259 | 12h ago | Data Exfiltration Attempt | Informational | Open         | SRV-MAIL-01