DLP Policy Violation
Low
False Positive
ALR-00009 · 2026-07-11T03:20:16Z
Description
DLP policy violation: user 'r.davies' attempted to email 3 files classified as 'Confidential' to external address from SRV-SQL-01.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
03:20:16
Event ingested by SOC365 Engine
03:20:21
EmilyAI triage started — correlation enrichment
03:20:28
EmilyAI confidence: 90% — escalated to human analyst
03:20:35
Alert assigned to analyst: EmilyAI (auto)
03:22:48
Investigation started — querying SIEM and threat intelligence
03:29:07
Containment action taken — endpoint isolated
03:32:26
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00347 | 8h ago | DLP Policy Violation | Informational | Open | WS-LAP-012 |
| ALR-00374 | 11h ago | DLP Policy Violation | Medium | Investigating | WS-LAP-012 |
| ALR-00082 | 15h ago | Unusual Outbound Traffic | Medium | Escalated | SRV-SQL-01 |
| ALR-00417 | 18h ago | DLP Policy Violation | Informational | Investigating | WS-LAP-010 |
| ALR-00077 | 1d ago | DLP Policy Violation | Low | False Positive | SRV-FILE-01 |