Unusual Outbound Traffic
Medium
False Positive
ALR-00476 · 2026-07-06T04:04:18Z
Description
Unusual outbound traffic pattern from WS-PC-003 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by Network IDS.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
04:04:18
Event ingested by SOC365 Engine
04:04:21
EmilyAI triage started — correlation enrichment
04:04:25
EmilyAI confidence: 85% — escalated to human analyst
04:05:02
Alert assigned to analyst: Sarah Chen
04:06:15
Investigation started — querying SIEM and threat intelligence
04:09:01
Containment action taken — endpoint isolated
04:15:08
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00395 | 19m ago | Unusual Outbound Traffic | High | Open | VM-DEV-01 |
| ALR-00182 | 16h ago | Lateral Movement Detected | Low | Escalated | WS-PC-003 |
| ALR-00084 | 16h ago | Unusual Outbound Traffic | High | Escalated | SW-CORE-01 |
| ALR-00161 | 18h ago | Rogue DHCP Server | High | Open | WS-PC-003 |
| ALR-00251 | 1d ago | Unusual Outbound Traffic | High | Open | WS-PC-004 |