Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:51:33 UTC

Shadow IT Discovery

Low Resolved
ALR-00500 · 2026-07-05T21:14:55Z

Description

Dark Web Monitor discovered unauthorised SaaS application (file sharing) used by 'a.wilson'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID
ALR-00500
Timestamp
2026-07-05T21:14:55Z
Severity
Low
Status
Resolved
Detection Source
Dark Web Monitor
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-MAIL-01
User Account
a.wilson
Source IP
194.130.62.141
Destination IP
10.0.12.51
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567
Reference
attack.mitre.org/techniques/T1567

Investigation Timeline

21:14:55 Event ingested by SOC365 Engine
21:14:57 EmilyAI triage started — correlation enrichment
21:15:08 EmilyAI confidence: 90% — escalated to human analyst
21:15:29 Alert assigned to analyst: EmilyAI (auto)
21:16:33 Investigation started — querying SIEM and threat intelligence
21:24:01 Containment action taken — endpoint isolated
21:29:44 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00439 5h ago DLP Policy Violation Medium False Positive SRV-MAIL-01
ALR-00150 9h ago Shadow IT Discovery Informational Investigating WS-PC-004
ALR-00057 9h ago Shadow IT Discovery Informational False Positive SW-CORE-01
ALR-00281 11h ago Shadow IT Discovery Low False Positive SRV-DC-01
ALR-00481 15h ago Anomalous DNS Query Low Resolved SRV-MAIL-01