Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:55:37 UTC

Data Exfiltration Attempt

Low Escalated
ALR-00497 · 2026-07-07T11:42:26Z

Description

Large data transfer (2.3GB) to cloud storage from FW-EDGE-01 by user 'p.thomas'. Cloud Connector DLP policy triggered — sensitive documents detected.

Alert Metadata

Alert ID
ALR-00497
Timestamp
2026-07-07T11:42:26Z
Severity
Low
Status
Escalated
Detection Source
Cloud Connector
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
FW-EDGE-01
User Account
p.thomas
Source IP
185.101.220.164
Destination IP
10.1.215.219
Origin Country
DE Germany

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002
Reference
attack.mitre.org/techniques/T1567.002

Investigation Timeline

11:42:26 Event ingested by SOC365 Engine
11:42:29 EmilyAI triage started — correlation enrichment
11:42:33 EmilyAI confidence: 88% — escalated to human analyst
11:42:43 Alert assigned to analyst: EmilyAI (auto)
11:43:38 Investigation started — querying SIEM and threat intelligence
11:45:51 Containment action taken — endpoint isolated
11:56:36 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00063 1h ago Shadow IT Discovery Medium Open FW-EDGE-01
ALR-00457 3h ago Unusual Outbound Traffic High Investigating FW-EDGE-01
ALR-00039 4h ago Data Exfiltration Attempt Low False Positive SRV-BACKUP-01
ALR-00146 6h ago Unauthorised USB Device Informational Resolved FW-EDGE-01
ALR-00289 11h ago Certificate Anomaly Informational False Positive FW-EDGE-01