Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 19:07:07 UTC

Data Exfiltration Attempt

Informational Resolved
ALR-00459 · 2026-05-27T03:18:18Z

Description

Large data transfer (2.3 GB) to cloud storage from SRV-MAIL-01 by user 'r.davies'. DLP policy triggered — sensitive documents detected.
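The description above summarises a volumetric DLP rule: outbound transfers from one host and user to cloud-storage destinations are summed inside a time window, and the alert fires when the total passes a size threshold and at least one of the transfers carried a sensitive-document label. The Python below is an added example of that logic run over constructed log lines; it is not SOC365 or DLP Module code, and the log format, the cloud-storage domain list, the 1 GiB threshold and the one-hour window are assumptions. It keys on destination domain rather than IP, and it handles the case a single-event size rule misses: an upload split into chunks that are each below the threshold.

```python
"""Volumetric cloud-storage exfiltration detection (T1567.002) over DLP/proxy events.

Added example, not SOC365 or DLP Module code. Log format, domain list,
threshold and window are assumptions made for illustration.
"""
import csv
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from io import StringIO

# Assumed: destinations the organisation treats as personal/unsanctioned cloud storage.
CLOUD_STORAGE_DOMAINS = ("dropbox.com", "drive.google.com", "onedrive.live.com", "mega.nz")
BYTES_THRESHOLD = 1024 ** 3      # assumed: 1 GiB summed per (host, user) inside one window
WINDOW = timedelta(hours=1)      # assumed: sliding window length
TECHNIQUE = "T1567.002"          # Exfiltration Over Web Service: Exfiltration to Cloud Storage

# Constructed sample telemetry (not real SOC365 data). Columns:
# timestamp, source host, user, destination domain, bytes sent, DLP labels (';'-separated, may be empty)
SAMPLE_LOG = """\
2026-05-27T01:00:00Z,SRV-WEB-01,j.smith,fileshare.corp.local,1500000000,confidential
2026-05-27T00:05:00Z,SRV-SQL-01,t.lee,mega.nz,700000000,pii
2026-05-27T02:30:00Z,SRV-SQL-01,t.lee,mega.nz,700000000,pii
2026-05-27T02:40:11Z,SRV-MAIL-01,r.davies,content.dropbox.com,575000000,
2026-05-27T02:52:47Z,SRV-MAIL-01,r.davies,content.dropbox.com,575000000,confidential
2026-05-27T03:05:30Z,SRV-MAIL-01,r.davies,content.dropbox.com,575000000,confidential;pii
2026-05-27T03:18:18Z,SRV-MAIL-01,r.davies,content.dropbox.com,575000000,
2026-05-27T03:10:00Z,WS-0042,a.kumar,onedrive.live.com,900000000,
"""


def parse_event(row):
    """Turn one CSV row into a typed event dict."""
    ts, host, user, dst, nbytes, labels = row
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "host": host,
        "user": user,
        "dst": dst.lower(),
        "bytes": int(nbytes),
        "labels": frozenset(l for l in labels.split(";") if l),
    }


def is_cloud_storage(dst):
    """Exact or subdomain match against the assumed domain list (no substring matching)."""
    return any(dst == d or dst.endswith("." + d) for d in CLOUD_STORAGE_DOMAINS)


def detect_cloud_exfil(log_text, threshold=BYTES_THRESHOLD, window=WINDOW):
    """Return one alert per (host, user) whose busiest window to cloud storage crosses
    the byte threshold and contains at least one DLP-labelled transfer."""
    events = [parse_event(r) for r in csv.reader(StringIO(log_text)) if r]

    # Only transfers to cloud storage count; everything else is dropped up front.
    by_actor = defaultdict(list)
    for e in events:
        if is_cloud_storage(e["dst"]):
            by_actor[(e["host"], e["user"])].append(e)

    alerts = []
    for (host, user), evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        # Sliding window: evict events older than `window` relative to the current one,
        # and remember the window with the largest byte total.
        start, total, best = 0, 0, None
        for end, e in enumerate(evs):
            total += e["bytes"]
            while e["ts"] - evs[start]["ts"] > window:
                total -= evs[start]["bytes"]
                start += 1
            if best is None or total > best[0]:
                best = (total, start, end)

        total, s, t = best
        window_events = evs[s:t + 1]
        labels = frozenset().union(*(x["labels"] for x in window_events))
        if total >= threshold and labels:
            alerts.append({
                "host": host,
                "user": user,
                "destinations": sorted({x["dst"] for x in window_events}),
                "bytes": total,
                "labels": sorted(labels),
                "first_seen": window_events[0]["ts"].isoformat(),
                "last_seen": window_events[-1]["ts"].isoformat(),
                "tactic": "Exfiltration",
                "technique": TECHNIQUE,
                "summary": (f"Large data transfer ({total / 1e9:.1f}GB) to cloud storage "
                            f"from {host} by user '{user}'"),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_cloud_exfil(SAMPLE_LOG):
        print(alert["summary"], "| labels:", ", ".join(alert["labels"]), "|", alert["technique"])
```

With the sample data only r.davies on SRV-MAIL-01 fires: four chunks of 575 MB inside 38 minutes sum to 2.3 GB and two of them carry labels. The 1.5 GB labelled transfer to an internal file share is ignored because the destination is not cloud storage, the two 700 MB uploads to mega.nz are 2h25m apart and never share a window, and the 900 MB OneDrive upload is below the threshold and unlabelled. The domain match is exact-or-subdomain rather than a substring test, so `dropbox.com.evil.example` does not count as Dropbox.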

Alert Metadata

Alert ID
ALR-00459
Timestamp
2026-05-27T03:18:18Z
Severity
Informational
Status
Resolved
Detection Source
DLP Module
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-MAIL-01
User Account
r.davies
Source IP
103.226.216.18
Destination IP
10.0.131.223
Origin Country
United States (US)

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002 (Exfiltration Over Web Service: Exfiltration to Cloud Storage)
Reference
attack.mitre.org/techniques/T1567.002

Investigation Timeline

03:18:18 Event ingested by SOC365 Engine
03:18:23 EmilyAI triage started — correlation enrichment
03:18:30 EmilyAI confidence: 88% — escalated to human analyst
03:18:41 Alert assigned to analyst: EmilyAI (auto)
03:19:32 Investigation started — querying SIEM and threat intelligence
03:25:27 Containment action taken — endpoint isolated
03:30:00 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                      Severity       Status          Host
ALR-00480  1h ago   Rogue DHCP Server          Low            False Positive  SRV-MAIL-01
ALR-00431  9h ago   Data Exfiltration Attempt  Medium         Resolved        SRV-SQL-01
ALR-00080  14h ago  Data Exfiltration Attempt  Informational  Resolved        SRV-WEB-01
ALR-00329  16h ago  Data Exfiltration Attempt  Low            Investigating   FW-EDGE-01
ALR-00496  17h ago  Kerberoasting Attempt      Low            Resolved        SRV-MAIL-01