Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:06:25 UTC

Data Exfiltration Attempt

Medium Resolved
ALR-00481 · 2026-05-25T02:24:54Z

Description

Large data transfer (2.3GB) to cloud storage from WS-PC-004 by user 'a.wilson'. DecoyPulse DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID: ALR-00481
Timestamp: 2026-05-25T02:24:54Z
Severity: Medium
Status: Resolved
Detection Source: DecoyPulse
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: WS-PC-004
User Account: a.wilson
Source IP: 45.104.148.113
Destination IP: 10.2.67.48
Origin Country: Brazil (BR)

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567.002
Reference: attack.mitre.org/techniques/T1567.002

Investigation Timeline

02:24:54 Event ingested by SOC365 Engine
02:24:59 EmilyAI triage started — correlation enrichment
02:25:00 EmilyAI confidence: 98% — escalated to human analyst
02:25:32 Alert assigned to analyst: James Okonkwo
02:26:04 Investigation started — querying SIEM and threat intelligence
02:31:35 Containment action taken — endpoint isolated
02:42:44 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00036 | 10h ago | Privilege Escalation Attempt | High | Escalated | WS-PC-004
ALR-00044 | 11h ago | Data Exfiltration Attempt | Medium | False Positive | WS-LAP-011
ALR-00118 | 11h ago | Suspicious PowerShell Execution | Informational | False Positive | WS-PC-004
ALR-00162 | 12h ago | Data Exfiltration Attempt | Medium | Investigating | SRV-SQL-01
ALR-00058 | 16h ago | C2 Beacon Activity | Low | Investigating | WS-PC-004