DLP Policy Violation
Medium
Open
ALR-00029 · 2026-07-07T08:05:47Z
Description
DLP policy violation: user 'l.johnson' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-003.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
08:05:47
Event ingested by SOC365 Engine
08:05:50
EmilyAI triage started — correlation enrichment
08:05:57
EmilyAI confidence: 81% — escalated to human analyst
08:06:12
Alert assigned to analyst: Emma Richardson
08:06:59
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00389 | 10h ago | DLP Policy Violation | Medium | Escalated | FW-EDGE-01 |
| ALR-00273 | 10h ago | Lateral Movement Detected | Informational | False Positive | WS-PC-003 |
| ALR-00083 | 15h ago | DLP Policy Violation | Medium | False Positive | WS-LAP-010 |
| ALR-00023 | 1d ago | Ransomware Behaviour Detected | Low | False Positive | WS-PC-003 |
| ALR-00310 | 1d ago | DLP Policy Violation | Medium | False Positive | SRV-BACKUP-01 |