Shadow IT Discovery
Low
Resolved
ALR-00026 · 2026-07-09T11:01:06Z
Description
Attack Surface Scanner discovered unauthorised SaaS application (file sharing) used by 'm.taylor'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:01:06
Event ingested by SOC365 Engine
11:01:07
EmilyAI triage started — correlation enrichment
11:01:20
EmilyAI confidence: 79% — escalated to human analyst
11:01:39
Alert assigned to analyst: EmilyAI (auto)
11:02:51
Investigation started — querying SIEM and threat intelligence
11:10:01
Containment action taken — endpoint isolated
11:11:18
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00410 | 3h ago | Failed MFA Challenge | Low | False Positive | WS-PC-001 |
| ALR-00302 | 3h ago | Rogue DHCP Server | Critical | Investigating | WS-PC-001 |
| ALR-00480 | 17h ago | Suspicious PowerShell Execution | Medium | Open | WS-PC-001 |
| ALR-00220 | 19h ago | Certificate Anomaly | Medium | Open | WS-PC-001 |
| ALR-00256 | 1d ago | Shadow IT Discovery | Medium | Open | WS-PC-003 |