Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:39:27 UTC

Data Exfiltration Attempt

Low Escalated
ALR-00468 · 2026-07-04T23:11:00Z

Description

Large data transfer (2.3GB) to cloud storage from SRV-APP-01 by user 'h.roberts'. EmilyAI Triage DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID
ALR-00468
Timestamp
2026-07-04T23:11:00Z
Severity
Low
Status
Escalated
Detection Source
EmilyAI Triage
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-APP-01
User Account
h.roberts
Source IP
91.194.195.155
Destination IP
10.2.66.113
Origin Country
NG Nigeria

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002
Reference
attack.mitre.org/techniques/T1567.002

Investigation Timeline

23:11:00 Event ingested by SOC365 Engine
23:11:05 EmilyAI triage started — correlation enrichment
23:11:05 EmilyAI confidence: 88% — escalated to human analyst
23:11:18 Alert assigned to analyst: EmilyAI (auto)
23:12:53 Investigation started — querying SIEM and threat intelligence
23:16:42 Containment action taken — endpoint isolated
23:29:44 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00211 3h ago Anomalous DNS Query Medium False Positive SRV-APP-01
ALR-00064 8h ago Ransomware Behaviour Detected Medium Escalated SRV-APP-01
ALR-00284 13h ago Certificate Anomaly Low Investigating SRV-APP-01
ALR-00186 18h ago Data Exfiltration Attempt Low Escalated SRV-WEB-01
ALR-00217 18h ago Port Scan Detected Low Investigating SRV-APP-01