DLP Policy Violation
Low
Escalated
ALR-00030 · 2026-07-08T19:57:48Z
Description
DLP policy violation: user 'a.wilson' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-006.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
19:57:48
Event ingested by SOC365 Engine
19:57:52
EmilyAI triage started — correlation enrichment
19:57:59
EmilyAI confidence: 90% — escalated to human analyst
19:58:30
Alert assigned to analyst: EmilyAI (auto)
19:59:33
Investigation started — querying SIEM and threat intelligence
20:06:34
Containment action taken — endpoint isolated
20:09:33
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00092 | 8h ago | Kerberoasting Attempt | Medium | Escalated | WS-PC-006 |
| ALR-00450 | 14h ago | Brute Force SSH | Low | Resolved | WS-PC-006 |
| ALR-00128 | 15h ago | DLP Policy Violation | Low | Investigating | WS-PC-002 |
| ALR-00375 | 15h ago | DLP Policy Violation | Informational | Investigating | SW-CORE-01 |
| ALR-00340 | 16h ago | Tor Exit Node Connection | Informational | Escalated | WS-PC-006 |