Unusual Outbound Traffic
Medium
Open
ALR-00479 · 2026-07-11T08:02:11Z
Description
Unusual outbound traffic pattern from WS-LAP-010 to IP in Eastern Europe. 450MB transferred over non-standard port. Flagged by Attack Surface Scanner.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
08:02:11
Event ingested by SOC365 Engine
08:02:16
EmilyAI triage started — correlation enrichment
08:02:25
EmilyAI confidence: 86% — escalated to human analyst
08:02:39
Alert assigned to analyst: James Okonkwo
08:03:46
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00147 | 53m ago | DecoyPulse Honeypot Triggered | Medium | Resolved | WS-LAP-010 |
| ALR-00137 | 2h ago | Brute Force SSH | Informational | Open | WS-LAP-010 |
| ALR-00148 | 2h ago | Failed MFA Challenge | Low | Escalated | WS-LAP-010 |
| ALR-00167 | 8h ago | Anomalous DNS Query | Informational | Open | WS-LAP-010 |
| ALR-00145 | 12h ago | Shadow IT Discovery | Medium | Investigating | WS-LAP-010 |